Multi-factor authentication system

ABSTRACT

A suspect user ( 110 ) seeks access to a network resource from an access authority ( 150 ) utilizing a passcode received from an authentication authority ( 130 ). Initially, an ID of a device is bound with a PIN, the device ID is bound with a private key of the device, and the device ID is bound with a user ID that has been previously bound with a password of an authorized user. The device ID is bound with the user ID by authenticating the user ID using the password. Thereafter, the suspect user communicates the device ID and the PIN from the device over an ancillary communications network ( 112 ); the authentication authority responds back over the ancillary communications network with a passcode encrypted with the public key of the device; and the suspect user decrypts and communicates over a communications network ( 114 ) the passcode with the user ID to the access authority.

[0001] A portion of disclosure of this patent document including said computer code contains material that is subject to copyright protection. The copyright owner has no objection to the reproduction by anyone of the patent document or the patent disclosure in its entirety, as it appears in the patent file or records of the U.S. Patent & Trademark Office, WIPO, or other governmental organization, but otherwise reserves all copyrights whatsoever.

FIELD OF THE PRESENT INVENTION

[0002] The present invention generally relates to authentication systems and, in particular, to a multi-factor authentication system used for authenticating a suspect user seeking access to a network resource from an access authority of a computer network.

BACKGROUND OF THE PRESENT INVENTION

[0003] A user ID and password often are required in order for a suspect user to gain access to a network resource from an access authority of a computer network. In such a system, the network resource may comprise an application, service, or device of the computer network, or even access to the computer network itself. The access authority may comprise a server of the computer network, which grants access once the user ID has been authenticated using the password received from the suspect user. Moreover, the access authority may include security privileges for granting specific types of access by authenticated users, and the access authority may additionally perform the authentication of suspect users.

[0004] The increasing number of systems each requiring a user ID and password in order for a suspect user to gain access to a network resource ultimately confuses users. To reduce confusion, users typically choose easy-to-remember passwords. Otherwise, users tend to forget complex passwords and record the passwords in easily accessible areas for later reference. For example, many users maintain a list of user IDs and passwords in a spreadsheet or text file on their computer or personal digital assistant. Programs even have been written to help maintain user ID and password combinations.

[0005] Enterprises, such as corporations, Internet service providers, portals, application service providers (ASPs), e-commerce providers, online financial services, etc., must manage user IDs and passwords for their users. Allowing users to employ simple passwords reduces security at a time when security attacks are increasing and are increasingly expensive when they occur. On the other hand, enforcing the use of complex passwords and requiring passwords to be changed frequently increases security, but also increases cost in the form of help desk and customer service calls for the resetting of passwords. The systems that have been developed to allow users to use personal information to reset a password automatically without human intervention tend to be less secure because personal information can be guessed or obtained surreptitiously. Some systems, for example, use information from credit reports—despite the fact that credit bureaus are in the business of proactively selling that information.

[0006] For user convenience, single sign-on systems also have been developed in which a user is able to authenticate to a single trusted authentication server, which then propagates that authentication to multiple access authorities. While the use of a single authentication server eases the user burden of remembering multiple passwords for accessing various network resources, such a system typically is limited to accessing network resources of a single enterprise. Such a system also is susceptible to a security problem known as “keys to the kingdom.” If an attacker gains access to the user ID and password required to authenticate to the authentication server, then access to all network resources relying upon that authentication server is compromised.

[0007] Stronger forms for authenticating user IDs also have been developed beyond the single-factor authentication employed in using passwords. Notably, hardware tokens such as USB tokens and time-based tokens—RSA's SecureID is an example—are now being utilized in some multi-factor authentication systems wherein these tokens are able to uniquely identify themselves. For example, a token utilizing physical access to a device and knowledge of a shared secret, such as a PIN, can construct a rotating key that matches a synchronized server key. Such a system is a “two-factor” authentication system because it requires something the user has, i.e., the token, in addition to something the user knows, i.e., the password. Unfortunately, each token in one of these two-factor authentication systems is expensive, subject to loss, and typically restricted to use with one or more network resources of a particular computer network.

[0008] In view of the foregoing, a need exists for an improved multi-factor authentication system that overcomes one or more of the aforementioned disadvantages of current authentication systems. One or more of these disadvantages are overcome by one or more embodiments of the present invention, as described in detail below.

SUMMARY OF THE PRESENT INVENTION

[0009] Briefly described, the present invention relates to multi-factor authentication systems.

A FIRST ASPECT OF THE PRESENT INVENTION

[0010] With regard to a first aspect of the present invention, both a PIN of a user authorized to access a network resource and a first key of an asymmetric key pair of the authorized user are maintained in association with a first primary identification by an authentication authority such that each of the PIN and the first key are retrievable based on the first primary identification. Within this system, a method of the first aspect of the present invention is performed by the authentication authority whereby the authorized user gains access to the network resource from an access authority by utilizing a passcode. The method includes the steps of: receiving the first primary identification and a suspect PIN from a suspect user; authenticating the first primary identification by considering at least one authentication factor, including comparing the suspect PIN with the PIN of the authorized user maintained in association with the first primary identification by the authentication authority; and following a successful authentication of the first primary identification, generating the passcode, encrypting the passcode using the first key of the asymmetric key pair of the authorized user, and communicating the encrypted passcode to the suspect user for subsequent decryption and presentation to the access authority.

[0011] The first primary identification may include a device ID and/or a domain ID that identifies the access authority for the network resource. Preferably, the primary identification includes both the device ID and the domain ID. Furthermore, the device ID may be an identification of a personal communications device, such as, for example, a PDA, a mobile phone (cellular or digital), or a two-way pager device like a RIM Blackberry wireless unit.

[0012] The authorized user preferably gains access to the network resource over a communications network, and the first primary identification and suspect PIN preferably are received by the authentication authority over a communications medium different from the communications network. The communications network may comprise, for example, the Internet or an intranet. The communications medium may comprise a telecommunications network. Preferably, the suspect PIN is received encrypted with a first key of an asymmetric key pair of the authentication authority, with the key pair of the authentication authority being generally unique to the domain ID.

[0013] The method preferably includes the further steps of: receiving a suspect passcode from the access authority; comparing the suspect passcode with the passcode that was encrypted and communicated to the suspect user by the authentication authority; and communicating a result of the comparison to the access authority. Additionally, the passcode preferably must be received by the access authority and/or the authentication authority within a predetermined amount of time after being generated in order for the user to gain access to the network resource. The predetermined period of time preferably is short, such as less than ninety seconds in some instances or less than an hour in other instances.

[0014] The passcode communicated to the suspect user preferably is maintained by the authentication authority such that the passcode is retrievable based on a first secondary identification. The first secondary identification comprises the combination of (i) a user ID that represents an identification of the authorized user to the access authority, and (ii) the domain ID. The passcode received by the access authority preferably is communicated to the authentication authority with the user ID.

[0015] In a feature of this method, biometric information of the authorized user further is maintained in association with the first primary identification such that the biometric information is retrievable based on the first primary identification, and the step of considering at least one authentication factor by the authentication authority further includes comparing suspect biometric information received with the first primary identification with the biometric information of the authorized user maintained in association with the first primary identification by the authentication authority. Such biometric information may include individual physical characteristics believed to be unique to a user, such as a retinal pattern, fingerprint, or voice pattern.

[0016] In another feature of this method, a geographical location for the authorized user is maintained in association with the first primary identification such that the geographical information is retrievable based on the first primary identification, and the step of considering at least one authentication factor by the authentication authority further includes comparing a geographical location identified as the origin of communication of the suspect PIN with the geographic location maintained in association with the first primary identification by the authentication authority.

[0017] In yet another feature of this method, a time range for the authorized user is maintained in association with the first primary identification such that the time range is retrievable based on the first primary identification. In this feature, the step of considering at least one authentication factor by the authentication authority further includes comparing the time range with a time of receipt of the first primary identification and the suspect PIN. The time range may comprise a window of time or a plurality of discontinuous windows of time for permitted receipt of the suspect PIN, such as during only the daily hours of 6am to midnight, or only business hours for weekdays and mornings on weekends.

[0018] In accordance with the first aspect of the present invention, the authorized user is additionally authorized to access a second network resource, and both a second PIN of the authorized user and a first key of a second asymmetric key pair of the authorized user are maintained by the authentication authority in association with a second primary identification such that each of the second PIN and the first key of the second key pair of the authorized user are retrievable based on the second primary identification. Furthermore, in preferred embodiments the second asymmetric key pair may in fact be the same as the first asymmetric key pair.

[0019] Moreover, the method preferably includes the additional steps of: receiving the second primary identification and a suspect second PIN; authenticating the second primary identification by considering at least one authentication factor, including comparing the suspect second PIN with the second PIN of the authorized user maintained in association with the second primary identification by the authentication authority; and following a successful authentication of the second primary identification, generating a second passcode, encrypting the second passcode using the first key of the second asymmetric key pair of the authorized user, and communicating the encrypted second passcode to the suspect user for subsequent decryption and presentation to the access authority.

[0020] The second primary identification preferably comprises the combination of the device ID and a second domain ID, and the second passcode communicated to the suspect user preferably is maintained by the authentication authority such that the second passcode is retrievable based on a second secondary identification. The second secondary identification preferably comprises the combination of (i) a second user ID that represents an identification of the authorized user to an access authority with respect to the second network resource, and (ii) the second domain ID.

[0021] Additionally, a first key of a second asymmetric key pair of the authentication authority preferably is maintained by the authentication authority in association with the second domain ID such that the first key is retrievable based on the second domain ID, with the second key pair being generally unique to the second domain ID.

A SECOND ASPECT OF THE PRESENT INVENTION

[0022] With regard to a second aspect of the present invention, both a PIN of a user authorized to access a network resource and a first key of an asymmetric key pair generally unique to a personal communications device of the authorized user are maintained by an authentication authority in association with an identifier such that each of the PIN and the first key are retrievable based on the identifier.

[0023] Within this system, the second aspect relates to a method whereby the authorized user gains access to the network resource from an access authority. The method includes the steps of: receiving a challenge request with respect to a suspect user seeking to gain access to the network resource from the access authority; in response to the challenge request, communicating a challenge to the suspect user; receiving a challenge response and the identifier; and authenticating the identifier by comparing the challenge response to a function of the challenge, the PIN maintained by the authentication authority in association with the identifier, and the first key maintained by the authentication authority in association with the identifier. The key pair preferably is generated by the authentication authority and the first key of the key pair is communicated by the authentication authority to the personal communications device of the authorized user. Furthermore, the first key preferably is communicated to the personal communications device of the authorized user upon initial receipt of the PIN from the authorized user for maintaining in association with the identifier.

[0024] The function preferably includes the hashing of the challenge, PIN, and first key. The identifier preferably includes a user ID that identifies the authorized user to an access authority that grants access to the network resource and, additionally, a domain ID that identifies the access authority for the network resource. The identifier thus preferably comprises the secondary ID of the aforementioned preferred methods.

[0025] In other preferred embodiments of this aspect of the present invention, the function preferably includes the hashing of the (i) challenge, (ii) PIN, and (iii) first key of the asymmetric pair that is generally unique to the user device and that was provided by the authentication authority, as well as (i) a first key of an asymmetric key pair that is generally unique to the user device but that was generated within the device and not provided by the authentication authority, (ii) a first key of a key pair of the authentication authority that is generally unique to the domain ID, and (iii) the domain ID itself.
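As an added worked example, not part of the patent and not an implementation of any particular product, the following Go program models the challenge-response method of [0022] through [0025]: the authentication authority issues a fresh challenge, the device computes a hash over the challenge, the PIN typed by the user and the key the authority delivered at enrollment, and the authority recomputes the same function from its own records. All identifiers, the 32-byte random value standing in for the first key of the device pair, the length-prefixed SHA-256 construction, the single-use challenge and the 60-second window are this example's assumptions. They are chosen to show what a defender wants from the scheme: the device stores the key but never the PIN, a challenge cannot be replayed, and the authority must hold the PIN in recoverable form because it has to recompute the function.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Identifier is the secondary ID of [0024]: user ID plus domain ID.
type Identifier struct{ UserID, DomainID string }

// enrollment is what the authority keeps per identifier ([0022]). The PIN must be held in
// recoverable form because the authority recomputes the hash; that is a property of the scheme.
type enrollment struct {
	pin      string
	firstKey []byte
}

type pendingChallenge struct {
	nonce    []byte
	issuedAt time.Time
}

// ChallengeAuthority is the authentication authority of the second aspect.
type ChallengeAuthority struct {
	enrolled map[Identifier]enrollment
	pending  map[Identifier]pendingChallenge
	ttl      time.Duration
	Now      func() time.Time // injectable clock
}

func NewChallengeAuthority(ttl time.Duration) *ChallengeAuthority {
	return &ChallengeAuthority{map[Identifier]enrollment{}, map[Identifier]pendingChallenge{}, ttl, time.Now}
}

// Enroll records the PIN and generates the key the authority sends to the device ([0023]).
func (c *ChallengeAuthority) Enroll(id Identifier, pin string) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	c.enrolled[id] = enrollment{pin, key}
	return key, nil
}

// Challenge answers a challenge request from the access authority with a fresh nonce.
func (c *ChallengeAuthority) Challenge(id Identifier) ([]byte, error) {
	if _, ok := c.enrolled[id]; !ok {
		return nil, errors.New("unknown identifier")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.pending[id] = pendingChallenge{nonce, c.Now()}
	return nonce, nil
}

// Response is the function of [0024]: a hash over challenge, PIN and first key. Fields are
// length-prefixed so moving bytes between them changes the digest; extra inputs ([0025]) append.
func Response(challenge []byte, pin string, firstKey []byte, extra ...[]byte) []byte {
	h := sha256.New()
	for _, f := range append([][]byte{challenge, []byte(pin), firstKey}, extra...) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		h.Write(n[:])
		h.Write(f)
	}
	return h.Sum(nil)
}

// Verify recomputes the function from the stored PIN and key; a challenge is single-use and
// must be answered within the TTL.
func (c *ChallengeAuthority) Verify(id Identifier, response []byte) bool {
	p, ok := c.pending[id]
	if !ok {
		return false
	}
	delete(c.pending, id) // consumed whatever the outcome
	if c.Now().Sub(p.issuedAt) > c.ttl {
		return false
	}
	e := c.enrolled[id]
	return subtle.ConstantTimeCompare(Response(p.nonce, e.pin, e.firstKey), response) == 1
}

func main() {
	ca := NewChallengeAuthority(60 * time.Second)
	id := Identifier{"alice", "example-domain"} // constructed identifiers
	devKey, _ := ca.Enroll(id, "4817")          // the device stores devKey, never the PIN
	ch, _ := ca.Challenge(id)
	resp := Response(ch, "4817", devKey) // computed on the device from the PIN typed by the user
	fmt.Println("verified:", ca.Verify(id, resp), "replay:", ca.Verify(id, resp))
}
```

For the [0025] variant, the device-generated public key, the authority's domain key and the domain ID are passed in the variadic tail of Response on both sides; the length prefixes keep the concatenation unambiguous however many fields are added.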

A THIRD ASPECT OF THE PRESENT INVENTION

[0026] A third aspect of the present invention relates to a method for gaining access by a user to a network resource. The method includes the steps of: communicating a PIN and a first primary identification over an ancillary communications network to an authentication authority; receiving an encrypted passcode over the ancillary communications network from the authentication authority; decrypting the passcode using a key of an asymmetric key pair; and communicating the passcode and a user ID over a communications network to an access authority. Additionally, the method preferably includes the additional step of manually entering the PIN into the personal communications device for communicating the PIN over the ancillary communications network to the authentication authority. Preferably, the encrypted passcode is received and decrypted by the personal communications device, and the key with which the passcode is decrypted preferably is stored within and generally unique to the personal communications device. The passcode and the user ID also preferably are communicated over the communications network using another device different from the personal communications device, such as a laptop or desktop computer.

[0027] The method preferably further includes the step of manually reading the passcode from a display of the personal communications device for communicating the passcode over the communications network. The method also preferably includes the additional steps of communicating a second PIN and a second primary identification over the ancillary communications network to the authentication authority, receiving a second encrypted passcode over the ancillary communications network from the authentication authority, decrypting the second passcode using a key of a second asymmetric key pair, and communicating the passcode and a second user ID over the communications network to another access authority.

A FOURTH ASPECT OF THE PRESENT INVENTION

[0028] A fourth aspect of the present invention relates to a method for registering for access by an authorized user with respect to a network resource. The method includes the steps of: generating a first asymmetric key pair generally unique to a device of the authorized user; communicating in association with a device ID of the device to an authentication authority over an ancillary communications network both a first key of the first asymmetric key pair and a PIN of the authorized user; receiving an encrypted registration code over the ancillary communications network from the authentication authority; decrypting the registration code using the second key of the first asymmetric key pair of the device; and communicating the registration code to an access authority over a computer network in association with a user ID that identifies the authorized user to the access authority. Preferably, the PIN is not stored within the device following its encryption and communication to the authentication authority, and the second key of the key pair of the device is not exported from the device.

A FIFTH ASPECT OF THE PRESENT INVENTION

[0029] A fifth aspect of the present invention relates to a method in which an authorized user is registered with an authentication authority for later authenticating of a suspect user seeking to gain access from an access authority to a network resource. The method includes the steps of: generating within a device of the authorized user a first asymmetric key pair of the authorized user that is generally unique to the device, and communicating with the device a first key of the first asymmetric key pair in association with a device ID of the device to the authentication authority over an ancillary communications network; receiving and maintaining by the authentication authority the first key in association with the device ID, and communicating by the authentication authority to the device of the authorized user over the ancillary communications network a first key of a first asymmetric key pair of the authentication authority that is generally unique to a domain ID; encrypting by the authorized user with the device using the first key of the asymmetric key pair of the authentication authority a PIN of the authorized user that is entered into the device, and communicating by the authorized user the encrypted PIN in association with the device ID to the authentication authority over the ancillary communications network; decrypting by the authentication authority the PIN and maintaining the PIN in association with the device ID and the domain ID, encrypting by the authentication authority using the first key associated with the device ID a registration code, and communicating by the authentication authority the registration code to the device of the authorized user over the ancillary communications network; decrypting by the authorized user within the device the encrypted registration code using the second key of the first asymmetric key pair of the authorized user, and communicating by the authorized user over a communications network the registration code to an access authority in association with a user ID identifying the authorized user to the access authority; and comparing the registration code received with the user ID with the registration code encrypted and sent to the authorized user. Preferably the PIN is not stored within the device following its encryption and communication to the authentication authority, and preferably the first key of the key pair of the device is not exported from the device. Moreover, the first asymmetric key pair of the authorized user preferably is generally unique to the domain ID.

[0030] The method preferably further includes the step of communicating by the access authority the user ID and the registration code to the authentication authority, and the step of comparing the registration code received with the user ID with the registration code encrypted and sent to the user is performed by the authentication authority. In this regard, the device ID preferably is communicated by the access authority with the registration code to the access authority. The user ID preferably is maintained by the authentication authority in association with the device ID such that a passcode maintained in association with the device ID is retrievable based on the user ID and/or the device ID.
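The registration exchange of [0028] through [0030], written out as an added Go example; it is not the patent's code, and the RSA-OAEP choice, the hashed PIN storage, the 6-byte registration code and every identifier are assumptions of the example. The device generates its pair and exports only the public key; the authority answers with its key for the domain; the PIN travels encrypted to that key; the registration code travels back encrypted to the device key; and the code the user types at the access authority is compared once and then spent, binding the user ID to the device. The access authority's own credential check of [0031] is not modelled: CompleteRegistration is what the access authority calls after that check has passed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)
// Device is the personal communications device of [0028]; its second (private) key never leaves it.
type Device struct{ priv *rsa.PrivateKey }

func NewDevice() (*Device, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Device{k}, err
}

// EncryptPIN seals the PIN the user typed to the authority's key for this domain ([0029]);
// the device keeps no copy of the PIN afterwards.
func (d *Device) EncryptPIN(domainPub *rsa.PublicKey, domainID, pin string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, domainPub, []byte(pin), []byte(domainID))
}

// DecryptCode opens the registration code with the device's second key so it can be displayed.
func (d *Device) DecryptCode(domainID string, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.priv, ct, []byte(domainID))
	return string(pt), err
}

type binding struct{ DeviceID, DomainID string }

type enrolled struct {
	devPub  *rsa.PublicKey // first key of the device pair
	pinHash [32]byte       // the PIN, kept hashed with the device ID for later PIN checks
	regCode string         // outstanding registration code, cleared once used
	userID  string         // bound on successful registration
}

// AuthenticationAuthority holds a key pair per domain ID and a record per device and domain.
type AuthenticationAuthority struct {
	domainKeys map[string]*rsa.PrivateKey
	records    map[binding]*enrolled
}

func NewAuthenticationAuthority(domainID string) (*AuthenticationAuthority, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &AuthenticationAuthority{map[string]*rsa.PrivateKey{domainID: k}, map[binding]*enrolled{}}, err
}

// RegisterDeviceKey files the device's first key and answers with the authority's key for the domain.
func (a *AuthenticationAuthority) RegisterDeviceKey(deviceID, domainID string, devPub *rsa.PublicKey) (*rsa.PublicKey, error) {
	k, ok := a.domainKeys[domainID]
	if !ok {
		return nil, errors.New("unknown domain ID")
	}
	a.records[binding{deviceID, domainID}] = &enrolled{devPub: devPub}
	return &k.PublicKey, nil
}

// RegisterPIN decrypts the PIN, keeps it under device ID and domain ID, and returns a fresh
// registration code encrypted to the device key.
func (a *AuthenticationAuthority) RegisterPIN(deviceID, domainID string, encPIN []byte) ([]byte, error) {
	rec, ok := a.records[binding{deviceID, domainID}]
	if !ok {
		return nil, errors.New("device key not registered")
	}
	pin, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, a.domainKeys[domainID], encPIN, []byte(domainID))
	if err != nil {
		return nil, err
	}
	rec.pinHash = sha256.Sum256(append([]byte(deviceID+"\x00"), pin...))
	raw := make([]byte, 6)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	rec.regCode = fmt.Sprintf("%x", raw)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rec.devPub, []byte(rec.regCode), []byte(domainID))
}

// CompleteRegistration takes what the access authority forwards ([0030]): user ID, device ID and
// the code the user typed. On a match the user ID is bound to the device and the code is spent.
func (a *AuthenticationAuthority) CompleteRegistration(userID, deviceID, domainID, code string) bool {
	rec, ok := a.records[binding{deviceID, domainID}]
	if !ok || rec.regCode == "" || subtle.ConstantTimeCompare([]byte(rec.regCode), []byte(code)) != 1 {
		return false
	}
	rec.userID, rec.regCode = userID, ""
	return true
}

func main() {
	dev, _ := NewDevice()
	aa, _ := NewAuthenticationAuthority("example-domain") // constructed identifiers throughout
	domainPub, _ := aa.RegisterDeviceKey("dev-0001", "example-domain", &dev.priv.PublicKey)
	encPIN, _ := dev.EncryptPIN(domainPub, "example-domain", "4817")
	encCode, _ := aa.RegisterPIN("dev-0001", "example-domain", encPIN)
	code, _ := dev.DecryptCode("example-domain", encCode) // read from the display, typed at the access authority
	fmt.Println("bound:", aa.CompleteRegistration("alice", "dev-0001", "example-domain", code))
}
```

The domain ID doubles as the OAEP label on every ciphertext, so a PIN or registration code encrypted for one domain cannot be decrypted as if it belonged to another; the same pattern can be reused for the passcode of the first aspect.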

A SIXTH ASPECT OF THE PRESENT INVENTION

[0031] A sixth aspect of the present invention relates to a method of granting access to a suspect user seeking to access a network resource. This method includes the steps of first, (i) maintaining credentials of the authorized user such that the credentials are retrievable based on the user ID, (ii) receiving a user ID, registration code, and suspect credentials, (iii) comparing the suspect credentials with the credentials maintained in association with the user ID, and (iv) upon a successful authentication of the user ID by matching the suspect credentials with the maintained credentials, communicating the user ID and registration code to an authentication authority. The credentials of the authorized user include (i) a password of the authorized user and/or (ii) information transmitted from a token of an authorized user, including a temporal-based or sequential-based value. Thereafter, the method includes the steps of granting access to the network resource to a suspect user upon (i) receiving a user ID and passcode from the suspect user, (ii) communicating the user ID and passcode to the authentication authority, and (iii) receiving an indication of a successful passcode comparison by the authentication authority.

[0032] In accordance with the sixth aspect, the method preferably further includes the steps of additionally receiving suspect credentials with the user ID and passcode, comparing the suspect credentials with the password maintained in association with the user ID, and communicating the user ID to the authentication authority only upon a successful match of the suspect credentials with the maintained credentials.

A SEVENTH ASPECT OF THE PRESENT INVENTION

[0033] A seventh aspect of the present invention relates to a method of upgrading a single-factor authentication system to a two-factor authentication system wherein a suspect user seeks access to a network resource and the single-factor authentication system includes the binding of a user ID with credentials of an authorized user. The method of the seventh aspect includes the steps of: (i) initially binding a device ID of a device with a PIN, (ii) binding the device ID with a private key of the device, and (iii) binding the device ID with the user ID, including authenticating the user ID with the credentials; and, thereafter, (i) authenticating the device ID including, as part thereof, communicating from the device the device ID and the PIN over an ancillary communications network, (ii) authenticating the device including, as part thereof, communicating to the device over the ancillary communications network a passcode encrypted with the public key corresponding to the device private key and decrypting the passcode using the device private key, and (iii) communicating the unencrypted passcode over a communications network with the user ID.

OTHER ASPECTS AND FEATURES

[0034] Other aspects of the present invention include, inter alia, computer-readable media having computer-executable instructions for performing part or all of the methods of the aforementioned aspects of the present invention and modifications and variations thereof.

[0035] In aspects of the present invention, additional features include: the device as a wireless device, a GPS device, and/or a JAVA-enabled device; the ancillary communications network as a trusted network; the communications network as an untrusted network; and transporting communications over the communications network and/or the ancillary communications network using a secure transport protocol. Moreover, the authentication authority may comprise a program, module, or a server, or refer to an entity maintaining such program, module, or server, and the access authority may comprise a second program, module, or server, or refer to a second entity maintaining the second program, module, or server. In either case, the authentication authority and the access authority preferably are distinct. Indeed, the authentication authority preferably works in conjunction with several access authorities in accordance with these aspects of the present invention.

[0036] These and other features of the invention will be more readily understood upon consideration of the attached drawings and of the following detailed description of those drawings and the presently preferred embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[0037] Further features and benefits of the present invention will be apparent from a detailed description of preferred embodiments thereof taken in conjunction with the following drawings, wherein similar elements are referred to with similar reference numbers, and wherein:

[0038] FIG. 1 illustrates a first preferred multi-factor authentication system according to the present invention;

[0039] FIG. 2 illustrates a preferred system for user registration for the multi-factor authentication system of FIG. 1;

[0040] FIG. 3 illustrates a second preferred multi-factor authentication system according to the present invention;

[0041] FIG. 4 illustrates a preferred system for user registration for the multi-factor authentication system of FIG. 3;

[0042] FIG. 5 illustrates a flowchart of steps of a method of the multi-factor authentication system of FIG. 1;

[0043] FIG. 6 illustrates a flowchart of steps of a method of the preferred user registration system of FIG. 2;

[0044] FIG. 7 illustrates a flowchart of steps of a method of the multi-factor authentication system of FIG. 3;

[0045] FIG. 8 illustrates a flowchart of steps of a method of the preferred user registration system of FIG. 4;

[0046] FIG. 9 illustrates a first preferred commercial embodiment of a multi-factor authentication system according to the present invention; and

[0047] FIG. 10 illustrates a second preferred commercial embodiment of a multi-factor authentication system according to the present invention.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS OF THE INVENTION

[0048] As a preliminary matter, it will readily be understood by those persons skilled in the art that the present invention is susceptible of broad utility and application in view of the following detailed description of the preferred devices and methods of the present invention. Many devices, methods, embodiments, and adaptations of the present invention other than those herein described, as well as many variations, modifications, and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and the following detailed description thereof, without departing from the substance or scope of the present invention. Accordingly, while the present invention is described herein in detail in relation to preferred devices, methods and systems, it is to be understood that this disclosure is illustrative and exemplary and is made merely for purposes of providing a full and enabling disclosure of the preferred embodiments of the invention. The disclosure herein is not intended nor is to be construed to limit the present invention or otherwise to exclude any such other embodiments, adaptations, variations, modifications and equivalent arrangements, the present invention being limited only by the claims appended hereto and the equivalents thereof.

[0049] Furthermore, as used herein, “PIN,” “passcode,” and “password” each broadly refers to a shared secret used for authentication purposes and all are considered synonyms herein, with none intended to imply any particular syntax of the secret itself.

[0050] The use of “asymmetric key pair” refers to a pair of keys in which that encrypted with at least one of the keys may be decrypted only with the second key. However, in accordance with the present invention, that encrypted with the second key may or may not be decrypted with the first key.

[0051] Finally, in accordance with the present invention, “ancillary communications network” and “communications network” identify different communications networks, with the ancillary communications network referring to a communications network between a user and an authentication authority over which a PIN is sent and a passcode is received by the user, and with “communications network” referring to a communications network between a user and an access authority over which the passcode is sent by the user to the access authority. The ancillary communications network preferably comprises a telecommunications network and the communications network preferably comprises a computer network. Furthermore, a network resource preferably is accessed by the user over the communications network through which the user communicates with the access authority. The communications network and the ancillary communications network also may overlap to certain extents such as, for example, where a computer utilizes a telephone line to connect to an Internet service provider.

[0052] With reference now to FIG. 1, a preferred embodiment of a multi-factor authentication system 100 in accordance with the present invention is illustrated. The system 100 includes a suspect user 110, an authentication authority 130, and an access authority 150. The suspect user 110 seeks to gain access to a network resource from the access authority 150 utilizing an encrypted passcode provided to the suspect user 110 by the authentication authority 130.

[0053] Specifically, when the suspect user 110 desires to gain access to the network resource, the suspect user 110 communicates to the authentication authority 130 over an ancillary communications network 112 a primary ID and a suspect PIN. In response, the authentication authority 130 compares the suspect PIN with a PIN of an authorized user that is retrieved based on the primary ID. If the suspect PIN matches the retrieved PIN of the authorized user, and if the primary ID otherwise successfully authenticates, then the authentication authority 130 communicates back to the user 110 over the ancillary communications network 112 a passcode that is encrypted with a first key (K¹) of an asymmetric key pair of the authorized user. The authentication authority 130 maintains the passcode in association with the primary ID in the computer-readable storage medium.

[0054] The passcode comparison may be the only factor considered by the authentication authority 130 at this time. Alternatively, the authentication authority 130 also may utilize additional factors in authenticating the device ID. Thus, for example, since the device can utilize a telecommunications network such as a wireless network, the geographical location of the user 110 at the time of generating the passcode request can be determined. An authorized user can set the boundaries of the geographical locations from which a valid password request can originate. Additionally, certain time ranges can also be set. Furthermore, a geographical location can be coupled with a time range. For example, on weekdays during working hours, a valid request may only originate from an area around the user's office, while a residence may be valid during the weekends. In addition, the system 100 can track usage patterns and determine if a request is within normal parameters. Furthermore, voice patterns and other biometrics of the user 110 can be stored at the authentication authority 130 and utilized for authentication.

[0055] In any event, upon the receipt of an encrypted passcode by the suspect user 110, the suspect user 110 decrypts the encrypted passcode using a second key of the asymmetric key pair and communicates to the access authority 150 over a communications network 114 a suspect passcode and a user ID of the authorized user. The user ID identifies the authorized user to the access authority 150.

[0056] The access authority 150, in turn, communicates the suspect passcode to the authentication authority 130; if the passcode itself does not already serve as a secondary ID identifying the suspect user 110 to the authentication authority 130, then a secondary ID of the suspect user 110 is also included with the suspect passcode in that communication. The access authority 150 may communicate the suspect passcode over the ancillary communications network 112, the communications network 114, or yet a third communications network, and the particular communications network itself that is utilized by the access authority 150 in communicating with the authentication authority 130 forms no part of the broadest definitions of the invention herein.

[0057] In response to the access authority 150 communicating the suspect passcode to the authentication authority 130, and based on the secondary ID of the suspect user 110, the authentication authority 130 then authenticates the secondary ID by comparing the suspect passcode with the passcode previously encrypted and communicated to the suspect user 110. The authentication authority 130 then communicates an indication of the result of the passcode comparison back to the access authority 150. The access authority 150, in turn, grants access to the network resource to the suspect user 110 as a function of the authentication result received from the authentication authority 130. In other words, if the suspect user 110 is an authorized user of the network resource based on the authentication result, then the suspect user 110 is granted access to the network resource by the access authority 150. Conversely, if the suspect user 110 is not an authorized user of the network resource based on the authentication result, then the suspect user 110 is not granted access to the network resource by the access authority 150.

[0058] With reference to FIG. 2, a registration system 200 is illustrated by which an authorized user 210 registers with the authentication authority 130 for later seeking access to the network resource from the access authority 150 in accordance with the system 100 of FIG. 1. The authentication authority 130 is identified by inputting a server code—preferably of only twelve digits—into the user device as more fully described below with reference to commercial embodiments.

[0059] In the registration system 200, the authorized user 210 provides his or her primary ID, the first key (K¹_(user)), and PIN to the authentication authority 130 over the ancillary communications network 112, and the authentication authority 130 provides its first key (K¹_(auth)) to the authorized user 110 together with configuration information. In particular, a preferred sequence of communications in this key exchange includes: first, the provision of the primary ID with a registration request made to the authentication authority 130 and, in response thereto, the provision of the first key (K¹_(auth)) of the authentication authority 130 to the authorized user 110; and, second, the provision of the first key (K¹_(user)) of the user in combination with the PIN to the authentication authority 130, all encrypted with the first key (K¹_(auth)) of the authentication authority 130. Preferably, this key exchange occurs entirely over the ancillary communications network 112.

[0060] The authentication authority 130 receives and maintains the first key and PIN of the authorized user 210 in association with the primary ID in a computer-readable storage medium such that each of the first key and the PIN of the authorized user 210 is subsequently retrievable based on receipt of the primary ID of the authorized user 210. The authentication authority 130 then encrypts a registration code (reg code) using the first key of the authorized user 210 and communicates the encrypted registration code to the authorized user 210 over the ancillary communications network 112.

[0061] Upon receipt thereof, the authorized user 210 decrypts the encrypted registration code using the second key of the asymmetric key pair and communicates the unencrypted registration code together with a user ID to the access authority 150 over the communications network 114. Furthermore, credentials (not shown) of the authorized user 210 preferably are communicated with the user ID and registration code for authentication of the user ID in accordance with the then-current authentication system that is utilized by the access authority 150.

[0062] Upon authentication of the user ID using the credentials, the access authority 150 communicates the suspect registration code and a secondary ID to identify the authorized user 210 to the authentication authority 130. The access authority 150 may communicate the suspect registration code and secondary ID over the ancillary communications network 112, the communications network 114, or yet a third communications network 116, and the particular communications network itself that is utilized by the access authority 150 in communicating with the authentication authority 130 forms no part of the broadest definitions of the invention herein.

[0063] In response to the access authority 150 communicating the suspect registration code and secondary ID to the authentication authority 130, the authentication authority 130 first confirms that the suspect registration code matches a valid registration code (i.e., one that was previously encrypted and communicated to an authorized user). If so, then the authentication authority 130 associates the secondary ID of the authorized user 210 with the primary ID of the authorized user 210 in the computer-readable storage medium such that any subsequent passcode assigned to or otherwise associated with the primary ID is subsequently retrievable based on receipt of the secondary ID. If the suspect registration code does not match a valid registration code, then no association is made between the secondary ID of the authorized user 210 and the primary ID of the authorized user 210 in the computer-readable storage medium.

[0064] The authentication authority 130 then communicates an indication of the result of the registration code comparison back to the access authority 150. The access authority 150, in turn, enables the authorized user 210 for authentication by way of the system 100 if the indicated result from the authentication authority 130 is a successful match.

[0065] In a preferred embodiment of the systems 100, 200, the primary ID includes a device ID of a device of the authorized user in which is generated and stored the second key of the asymmetric key pair of the authorized user. Furthermore, if the passcode does not also function as the secondary ID in the system 100, then the secondary ID includes the user ID, and, upon a successful registration code match by the authentication authority 130 in system 200, the authentication authority 130 associates the secondary ID with the primary ID such that, in the system 100, a passcode associated with the primary ID is retrievable by the authentication authority 130 based upon the later receipt of the secondary ID.

[0066] The methods of the systems 100, 200 also may be repeated in conjunction with a plurality of access authorities 150 for a single authentication authority 130. In such case, each of the primary ID and secondary ID preferably further includes a domain ID that generally uniquely identifies the appropriate access authority 150 to the authentication authority 130 with respect to the network resource sought to be accessed.

[0067] FIG. 3 illustrates another preferred embodiment of a multi-factor authentication system 300 in accordance with the present invention. Like the system 100 of FIG. 1, the system 300 includes a suspect user 110, an authentication authority 130, and an access authority 150. The suspect user 110 also seeks to gain access to a network resource from the access authority 150, but not by utilizing an encrypted passcode received by the suspect user 110 from the authentication authority 130. In the system 300, the suspect user 110 is unable to communicate with the authentication authority over the ancillary communications network 112. This may occur, for example, when the suspect user 110 is out of communications range with the ancillary communications network 112. In this situation, the suspect user 110 nevertheless may be able to communicate with the access authority 150 and the network resource assuming access is granted. Accordingly, the system 300 provides a method by which the suspect user 110 is able to seek and gain access without having to communicate at that time over the ancillary communications network 112.

[0068] In accordance with this preferred system 300, the suspect user 110 requests from the access authority 150 access to the network resource preferably by communicating over communications network 114 to the access authority 150 a user ID without a passcode (not shown). The absence of the passcode indicates to the access authority the unavailability of the ancillary communications network 112 to the suspect user 110. Accordingly, the access authority 150 requests from the authentication authority 130 over the communications network 116 a challenge for the secondary ID corresponding to the user ID (not shown).

[0069] In response to the challenge request, the authentication authority 130 issues a challenge to the access authority 150 over communications network 116. The access authority 150, in turn, communicates the challenge to the suspect user 110. Alternatively, the access authority 150 may generate the challenge itself.

[0070] Upon receipt of the challenge, the suspect user 110 communicates a challenge response back to the access authority 150. The challenge response comprises a function of the challenge itself, a PIN of an authorized user 210, and a first key of an asymmetric key pair that is generally unique to a device ID. The access authority 150 then communicates the challenge response in association with the secondary ID back to the authentication authority 130 over the communications network 116.

[0071] Upon receipt of the challenge response and the secondary ID, the authentication authority 130 retrieves, based on the secondary ID, both the PIN of the authorized user 210 and the first key of the asymmetric key pair of the authentication authority 130 for that secondary ID. The authentication authority 130 then reconstructs the challenge response based on the retrieved PIN and first key as well as, inter alia, the challenge itself, and compares the reconstructed challenge response to the challenge response that was received. The secondary ID is authenticated upon the successful matching of the received challenge response with the reconstructed challenge response by the authentication authority 130. The authentication authority 130 then communicates an indication of the result of the challenge response comparison to the access authority 150 over the communications network 116.

[0072] The key pair of which the first key is utilized in constructing the challenge response preferably is generated by the authentication authority 130 during the registration process. In particular, the first key of the key pair is communicated by the authentication authority 130 to the authorized user 210 during registration process 400 as illustrated in FIG. 4. As will be apparent from a comparison of FIGS. 2 and 4, the registration processes 200, 400 are identical except for the additional inclusion of this first key with the registration code in its encrypted communication over the communications network 112 to the authorized user 210.

[0073] Turning now to FIG. 5, steps of a preferred method 500 of the multi-factor authentication system of FIG. 1 are illustrated, wherein a suspect user requests a passcode to obtain access to a network resource. The suspect user preferably initiates the method 500 when he or she executes a passcode request application on a device of the suspect user. Preferably, the device is a personal communication device of the suspect user. When executed, the application prompts the suspect user to identify (Step 504) the network resource(s) to which access is desired by selecting a domain for the network resource(s). Upon selection of the domain, the application prompts the suspect user to input (Step 506) the PIN previously registered by the authorized user of the device and associated with the selected domain, as discussed hereinafter with regard to FIG. 6.

[0074] The application then creates (Step 508) a passcode request containing the primary ID and the PIN input by the suspect user (i.e., the “suspect PIN”). As stated previously, in preferred embodiments, the primary ID includes the device ID of the device possessed by the suspect user. If there is more than one domain for a network resource to which the authorized user is entitled to access, then the primary ID also includes a domain ID (or “domain designation”) associated with the domain selected by the suspect user which identifies an access authority for that domain to the authentication authority.

[0075] Furthermore, the PIN is encrypted using a first key (e.g., “public key”) of an asymmetric key pair of the authentication authority prior to its inclusion in the passcode request. The passcode request then is communicated (Step 512) over the ancillary communications network to the authentication authority.

[0076] The authentication authority receives the passcode request, decrypts (Step 514) the PIN and compares (Step 516) the decrypted suspect PIN with the PIN of the authorized user that is retrieved based on the primary ID of the passcode request. If the suspect PIN matches the retrieved PIN of the authorized user in Step 516, then the authentication authority generates (Step 518) a passcode. Preferably, the passcode is time stamped (Step 520) and then recorded (Step 522) in association with the primary ID in a computer-readable storage medium. The authentication authority then encrypts (Step 524) the time-stamped passcode using the first key (K¹) of an asymmetric key pair of the authorized user and communicates (Step 526) the encrypted passcode over the ancillary communications network to the suspect user. On the other hand, if the suspect PIN does not match in Step 516 the retrieved PIN of the authorized user, then the authentication authority generates and returns (Step 519) an error message to the suspect user indicating that the PIN input by the suspect user is invalid or was incorrectly input into the device.

[0077] The suspect user decrypts (Step 528) the encrypted passcode using the device and, specifically, using the second key (K²) of the asymmetric key pair of the authorized user, which is preferably stored within the device. The suspect user then communicates (Step 530) the passcode, which is still considered a “suspect passcode” at this point, and a user ID of the authorized user over the communications network to the access authority.

[0078] Upon receipt of the suspect passcode and user ID, the access authority communicates (Step 532) the suspect passcode to the authentication authority for authentication. If the suspect passcode does not already serve as a secondary ID to identify the suspect user (and potentially also the access authority), then the secondary ID is also communicated in Step 532 with the suspect passcode.

[0079] The authentication authority then authenticates the secondary ID of the suspect user by comparing (Step 534) the suspect passcode associated with the secondary ID (as received from the access authority) to the previously generated passcode associated with the primary ID. Preferably, a time stamp associated with the passcode is also used for validation of the suspect passcode.

[0080] If the suspect passcode matches the previously generated passcode in Step 534, then the authentication authority communicates (Step 537) to the access authority an indication of the successful authentication of the secondary ID, upon which the access authority then grants (Step 538) access to the requested network resource to the now authorized user. On the other hand, if the suspect passcode does not match the previously generated passcode in Step 534, then the authentication authority communicates (Step 536) back to the access authority an indication of the unsuccessful authentication of the secondary ID, upon which the access authority then denies (Step 539) access to the requested network resource to the suspect user.

[0081] Turning now to FIG. 6, steps of a method 600 of the preferred user registration system of FIG. 2 are illustrated in which an authorized user registers with the authentication authority for the purpose of later being able to request and obtain a passcode for access to a network resource.

[0082] In this regard, to ensure that communications between the authorized user and authentication authority are secure, it is desirable as a preliminary matter for the authorized user to obtain a first key (e.g., public key) of an asymmetric key pair of the authentication authority, whereby communications from the authorized user sent to the authentication authority may be encrypted.

[0083] The method begins when the authorized user executes (Step 602) a registration request application on a device of the authorized user. Upon execution, the application creates (Step 604) a registration request containing the primary ID, which preferably includes the device ID of the device and the domain ID for the relevant domain for which registration is being requested, and the first key (K¹) of an asymmetric key pair of the authorized user, which key pair is stored on and is previously generated within the device. For security purposes, the registration request is encrypted using the first key of the authentication authority and then communicated (Step 606) to the authentication authority over the ancillary communications network.

[0084] The authentication authority decrypts the encrypted registration request and stores (Step 608) the primary ID and first key (K¹) in a computer-readable storage medium such that the first key is subsequently retrievable based on the primary ID. The authentication authority then generates a PIN request that is communicated (Step 610) to the authorized user over the ancillary communications network.

[0085] In response thereto, the device receives the PIN request and the registration request application then prompts the authorized user to input a PIN for use with the device when requesting a passcode for access to the network resource(s) of the identified domain. In response thereto, the authorized user inputs the PIN into the device in conventional manner (e.g., by inputting the PIN twice to ensure no typographical errors between the two entries). The primary ID and PIN are then communicated (Step 612) to the authentication authority over the ancillary communications network (again encrypted using the first key of the authentication authority).

[0086] In response thereto, the authentication authority decrypts the encrypted primary ID and PIN and stores (Step 614) the PIN in the computer-readable storage medium such that the PIN is subsequently retrievable based on the primary ID. The authentication authority then generates (Step 616) a registration code (reg code), which is encrypted (Step 618) using the first key (K¹) of the device, and then communicated (Step 620) to the authorized user over the ancillary communications network.

[0087] Upon receipt thereof, the authorized user decrypts (Step 622) the encrypted registration code using the second key of the asymmetric key pair that is stored within the device. The authorized user then communicates (Step 624) the unencrypted registration code together with a user ID to the access authority over the communications network. Other credentials of the authorized user preferably are also communicated with the user ID and registration code in Step 624 for authentication (Step 626) of the user ID in accordance with the then-current authentication system that is utilized by the access authority.

[0088] Upon authentication of the user ID in Step 626 using the user credentials, the access authority communicates (Step 628) to the authentication authority the registration code considered by the access authority to be suspect. A secondary ID also is sent with the suspect registration code for purposes of later identifying the authorized user to the authentication authority based thereon. If the user ID is not authenticated with the credentials, then an error is indicated (Step 630) and the method ends.

[0089] Upon receipt of the secondary ID and suspect registration code, the authentication authority first confirms (Step 632) that the suspect registration code matches a valid registration code (i.e., one that was previously encrypted and communicated to an authorized user). If so, then the authentication authority associates (Step 634) the secondary ID of the authorized user with the primary ID of the authorized user in the computer-readable storage medium such that any subsequent passcode assigned to or otherwise associated with the primary ID is subsequently retrievable based on receipt of the secondary ID. If the suspect registration code does not match a valid registration code in Step 632, then no association is made between the secondary ID of the authorized user and the primary ID of the authorized user in the computer-readable storage medium.

[0090] The authentication authority also communicates (Steps 636, 640) an indication of the result of the registration code comparison back to the access authority. The access authority, in turn, enables (Step 638) the authorized user for authentication by way of the system 100 if the indicated result from the authentication authority is a successful match.
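The registration method of FIG. 6 (paragraphs [0083] through [0090]) and the passcode method of FIG. 5 (paragraphs [0074] through [0080]) share one server-side data model, so a single simulation serves both. The Python below is an added example and not code from the patent or from any commercial embodiment it describes. Its assumptions: a toy textbook RSA over fixed Mersenne primes stands in for the asymmetric key pairs (the patent names no algorithm, and unpadded small-prime RSA is insecure; it only shows that the first key K¹ encrypts and only the matching second key K² decrypts); the device ID, user ID and PINs are constructed sample values; the 60-second validity window and the single-use rule for issued passcodes and registration codes are assumed policies, since the patent only says a time stamp is "preferably" used in validation.

```python
import hmac
import secrets

# Toy textbook RSA over fixed Mersenne primes: an assumed stand-in for the patent's
# asymmetric key pairs so the example runs on the standard library alone. Unpadded
# RSA on small fixed primes is not secure; it only shows the key roles (the first
# key K1 encrypts, only the matching second key K2 decrypts).
def toy_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (65537, n), (pow(65537, -1, phi), n)   # (K1, K2)

def toy_encrypt(first_key, m):
    return pow(m, first_key[0], first_key[1])

def toy_decrypt(second_key, c):
    return pow(c, second_key[0], second_key[1])

AUTHORITY_K1, AUTHORITY_K2 = toy_keypair(2**61 - 1, 2**31 - 1)  # constructed key pairs
DEVICE_K1, DEVICE_K2 = toy_keypair(2**89 - 1, 2**19 - 1)        # "generated within the device"

class AuthenticationAuthority:
    """Server side of FIG. 6 (registration) and FIG. 5 (passcode issue and check)."""
    PASSCODE_TTL = 60  # seconds a time-stamped passcode stays valid (assumed; the patent fixes no value)

    def __init__(self, first_key=AUTHORITY_K1, second_key=AUTHORITY_K2):
        self.first_key, self._second_key = first_key, second_key
        self._devices = {}    # primary_id -> {"pin", "first_key", "passcode"}
        self._reg_codes = {}  # outstanding registration code -> primary_id
        self._secondary = {}  # secondary_id -> primary_id, the binding of Step 634

    def register(self, primary_id, user_first_key, encrypted_pin):
        """Steps 608-620: store K1 and PIN under the primary ID; return the reg code encrypted with K1."""
        pin = toy_decrypt(self._second_key, encrypted_pin)
        self._devices[primary_id] = {"pin": pin, "first_key": user_first_key, "passcode": None}
        reg_code = secrets.randbelow(10**8)
        self._reg_codes[reg_code] = primary_id
        return toy_encrypt(user_first_key, reg_code)

    def bind_secondary_id(self, secondary_id, suspect_reg_code):
        """Steps 632-634: bind the user ID vouched for by the access authority to the device that proved the reg code."""
        primary_id = self._reg_codes.pop(suspect_reg_code, None)  # a reg code binds once
        if primary_id is None:
            return False
        self._secondary[secondary_id] = primary_id
        return True

    def request_passcode(self, primary_id, encrypted_pin, now):
        """Steps 514-526: check the suspect PIN, then issue a time-stamped passcode encrypted with the device's K1."""
        device = self._devices.get(primary_id)
        if device is None:
            return None
        suspect_pin = toy_decrypt(self._second_key, encrypted_pin)
        if not hmac.compare_digest(str(suspect_pin), str(device["pin"])):
            return None  # Step 519: PIN rejected
        passcode = secrets.randbelow(10**8)
        device["passcode"] = (passcode, now)  # Steps 520-522: time-stamped and recorded
        return toy_encrypt(device["first_key"], passcode)

    def verify_passcode(self, secondary_id, suspect_passcode, now):
        """Step 534: compare with the passcode recorded for the bound primary ID, honouring its time stamp."""
        device = self._devices.get(self._secondary.get(secondary_id))
        if device is None or device["passcode"] is None:
            return False
        passcode, issued = device["passcode"]
        device["passcode"] = None  # one attempt per issued passcode (assumed policy)
        fresh = 0 <= now - issued <= self.PASSCODE_TTL
        return fresh and hmac.compare_digest(str(passcode), str(suspect_passcode))

def run_flow(entered_pin, seconds_until_use, registered_pin=1234):
    """Registration (FIG. 6) followed by one passcode request and check (FIG. 5).
    Device ID, user ID and PINs are constructed sample values."""
    authority = AuthenticationAuthority()
    enc_reg_code = authority.register("DEVICE-0001", DEVICE_K1, toy_encrypt(authority.first_key, registered_pin))
    reg_code = toy_decrypt(DEVICE_K2, enc_reg_code)                       # Step 622, on the device
    if not authority.bind_secondary_id("alice@example.org", reg_code):    # relayed by the access authority, Step 628
        return "registration failed"
    enc_passcode = authority.request_passcode("DEVICE-0001", toy_encrypt(authority.first_key, entered_pin), now=1000)
    if enc_passcode is None:
        return "pin rejected"
    suspect_passcode = toy_decrypt(DEVICE_K2, enc_passcode)               # Step 528
    granted = authority.verify_passcode("alice@example.org", suspect_passcode, now=1000 + seconds_until_use)
    return "granted" if granted else "denied"

if __name__ == "__main__":
    print(run_flow(1234, 5), run_flow(9999, 5), run_flow(1234, 600))
```

Two details carry the security argument of the scheme. The passcode travels to the device under K¹ of that device, so only the holder of K² (the registered device) learns it; and the authority records the passcode under the primary ID but looks it up by the secondary ID, which is exactly the binding that the registration code establishes in Step 634. The time-stamp check and the one-attempt rule in `verify_passcode` are what keep a passcode observed on the wired network from being presented a second time.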

[0091] Turning now to FIG. 7, steps of the preferred method 300 of the multi-factor authentication system of FIG. 3 are illustrated. The steps shown begin with a request (Step 702) for a challenge code that is made to the authentication authority by the access authority. In response, the authentication authority generates (Step 704) a challenge code that is then communicated (Step 706) via the access authority to the suspect user seeking access from the access authority to a network resource. The user receives the challenge code and enters (Step 708) the challenge code into the device of the user together with the PIN of the authorized user. The device then computes a challenge response (Step 710) based on a key of an asymmetric key pair of the authentication authority, the PIN of the authorized user, and the challenge code. The device then displays the resulting challenge response to the user. The challenge response is preferably of manageable size for display and manual reading and entering on a keypad. The user reads the challenge response from a display of the device and communicates (Step 712) it back to the access authority, which in turn communicates it back to the authentication authority with the secondary ID. The authentication authority then authenticates (Step 714) the secondary ID based on the challenge response by reconstructing it. If the challenge response from the suspect user matches in Step 716 the reconstructed challenge response, i.e., the response is valid, then access is granted (Step 718) by the access authority, and if the challenge response from the suspect user does not match in Step 716 the reconstructed challenge response, i.e., the response is invalid, then access is denied (Step 720) by the access authority.

[0092] FIG. 8 illustrates a flowchart of certain steps of the preferred registration process 400 of FIG. 4. As set forth above, the registration process 400 is generally the same as the registration process 200 described above, with the additional steps as identified in FIG. 8. In this regard, these additional steps include: generating a pair of asymmetric encryption keys of the authentication authority (Step 815) which is generally unique to the device of the authorized user that is registering; encrypting (Step 817) the first key of this secondary pair together with the registration code that is sent to the authorized user, i.e., encrypting the first key of the secondary pair with the first key of the asymmetric key pair of the authorized user that is received from the authorized user during registration; sending (Step 819) the encrypted first key of the secondary pair and the registration code to the user via the ancillary communications network; decrypting (Step 821) the first key of the secondary pair and the registration code using the second key of the asymmetric key pair of the authorized user; and storing (Step 823) the first key of the secondary pair within the device and using it for computation of a challenge response in accordance with an aspect of the present invention. Because the first key of the secondary pair of the authentication authority preferably is not used but for computation of the challenge response, and because this key is safely stored on the device of the user, matching a received challenge response with a reconstructed challenge response by the authentication entity results in the strong indication that the device of the authorized user actually computed the challenge response.
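The offline challenge-response of paragraphs [0070] and [0071] and of FIG. 7 ([0091]) turns on a function f(challenge, PIN, key) that the device computes and the authentication authority reconstructs from the PIN and key it stored at registration (Steps 815 through 823). The Python below is an added example, not code from the patent or from any product it describes. The patent does not specify f, so this stand-in uses HMAC-SHA256 keyed with the per-device key over the challenge and PIN, truncated HOTP-style to eight decimal digits so the result is "of manageable size for display and manual reading"; the per-device key is a random 32-byte symmetric secret rather than the first key of an asymmetric pair, and the user ID, PIN and eight-digit challenge length are constructed values.

```python
import hashlib
import hmac
import secrets
import struct

RESPONSE_DIGITS = 8  # assumed: short enough to read off the display and key in (paragraph [0091])

def challenge_response(device_key: bytes, pin: str, challenge: str) -> str:
    """Device-side f(challenge, PIN, key) of Step 710. Stand-in for the unspecified f:
    HMAC-SHA256 keyed with the authority-issued per-device key over challenge || PIN,
    truncated to RESPONSE_DIGITS decimal digits the way HOTP truncates its HMAC."""
    mac = hmac.new(device_key, challenge.encode() + b"\x00" + pin.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    word = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{word % 10**RESPONSE_DIGITS:0{RESPONSE_DIGITS}d}"

class ChallengeAuthority:
    """Authentication-authority side of FIG. 7: one outstanding challenge per secondary ID,
    reconstruction of the response from the stored PIN and key, and a constant-time compare."""

    def __init__(self):
        self._records = {}  # secondary_id -> (pin, device_key), as stored in Steps 815-823
        self._open = {}     # secondary_id -> outstanding challenge code

    def register(self, secondary_id: str, pin: str) -> bytes:
        # Step 815: a fresh per-device key; the device keeps the copy it receives (Step 823)
        device_key = secrets.token_bytes(32)
        self._records[secondary_id] = (pin, device_key)
        return device_key

    def issue_challenge(self, secondary_id: str) -> str:
        # Step 704: random and never reused; replaces any earlier unanswered challenge
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._open[secondary_id] = challenge
        return challenge

    def verify(self, secondary_id: str, suspect_response: str) -> bool:
        # Steps 714-716: the challenge is consumed whether or not the response matches,
        # so a response captured on the wired network cannot be presented again
        challenge = self._open.pop(secondary_id, None)
        record = self._records.get(secondary_id)
        if challenge is None or record is None:
            return False
        pin, device_key = record
        expected = challenge_response(device_key, pin, challenge)  # the reconstruction of Step 714
        return hmac.compare_digest(expected, suspect_response)

def offline_login(entered_pin: str, replay: bool = False) -> str:
    """Constructed walk-through: 'alice@example.org' registered with PIN '1234'."""
    authority = ChallengeAuthority()
    device_key = authority.register("alice@example.org", "1234")
    challenge = authority.issue_challenge("alice@example.org")         # Steps 702-706
    response = challenge_response(device_key, entered_pin, challenge)  # Steps 708-712, on the device
    if not authority.verify("alice@example.org", response):
        return "denied"
    if replay and not authority.verify("alice@example.org", response):
        return "granted once, replay denied"
    return "granted"

if __name__ == "__main__":
    print(offline_login("1234"), offline_login("0000"), offline_login("1234", replay=True))
```

Because the PIN enters the HMAC input rather than being sent anywhere, the access authority sees only the challenge and the eight-digit response, which is the property paragraph [0092] relies on: a correct response demonstrates possession of both the stored key and the PIN, and the authority can tell which one is missing only by failing the comparison.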

DETAILED DESCRIPTION OF PREFERRED COMMERCIAL EMBODIMENTS OF THE INVENTION

[0093] Commercial embodiments of the present multi-factor authentication system are designed to be commercially viable as a strong multi-factor security system. The commercial wireless authentication system employs new application-ready wireless devices as an out-of-band method for receiving passcodes into intranets, virtual private networks (VPNs), highly secured websites, and other access-restricted systems. The system utilizes a wireless device as a passcode reception device to gain access on a secure wired network.

[0094] The wireless authentication system is designed to be as secure as existing two-factor security systems with significantly less cost to implement and maintain. Like existing two-factor authentication methods, the present commercial wireless authentication system requires the passcodes to be derived and verified in two separate network channels: the wireless network and the wired network service. Through verification of the validity of the device and optional triangulation, the passcodes are authenticated and matched against a named user. However, the present authentication system differs from other two-factor systems in several key ways:

[0095] 1) The intelligence of the passcode generation is not within the client device, preventing theft and reverse engineering;

[0096] 2) The system is not 100% counter/time/algorithm-based (as are most competing systems), preventing the existence of N+1 and N−1 valid codes as the single-use devices age and lose synchronization;

[0097] 3) The system generates a code only when requested, not continuously when not needed, which would open the system to algorithm analysis or cracking;

[0098] 4) The system employs no single-use devices, which eliminates the expenditure for and investment in short-life devices; and

[0099] 5) The system can support multiple security domains both on the client, to reduce the need for multiple single-use devices, and on the server, to enforce flexible security policies.

[0100] Instead, the present wireless system uses a portable, multi-function wireless device that is increasingly present in both personal and business environments. Thus, the present wireless authentication system uses a single device for accessing all subscribed systems and enjoys the ultimate portability while avoiding the need for users to install software on each system that they use. Furthermore, the system adds unified identification to the user's existing wireless device, providing a versatile multifunction capability and increasing the convenience for the user.

[0101] Wireless devices have encapsulated strong unique identification principles and secure protocols for device-to-server communications. A server-based authentication model may be constructed that equates the unique identification of the wireless device to the unique persona of the device operator. Using shared secrets and secure communication methods, access to the wireless device and the knowledge of user application credentials, a real-time token generation system can be deployed which will provide an extremely secure identification and authentication system.

[0102] The present wireless authentication system is based on the unique properties of a wireless device that allow and ensure that transmissions are routed to the correct device. In the attempt to avoid fraudulent use of wireless networks, an infrastructure has been created that, when coupled with the various inventions of the present system, allows for strong identification and authentication of a user in a system or network environment.

[0103] Turning now back to the figures, FIG. 9 provides an overview of the operation of a commercial wireless authentication system 900. As illustrated, the wireless authentication system 900 entails a passcode to be derived and verified in two separate network channels. The passcode is derived over the mobile network 914, while verified over a wired network 914.

[0104] A wireless personal communication device 922 is the client platform for the identification of the individual user 914 and utilized for the provision of passcodes. The wireless authentication system 900 supports application-ready wireless devices 922 such as RIM BLACKBERRY devices, Java-enabled telephones, personal digital assistants (PDAs), WINDOWS CE clients, PALM devices, and the like. In order to utilize the wireless authentication system, a small client application is installed on the wireless device 922. The application manages several processes including key generation, registration, passcode requests, passcode reception, and offline passcode verification, all of which are discussed in greater detail in connection with the following figures.

[0105] As previously stated, the wireless device 922 is utilized toobtain a passcode to access a wired authentication server (WAS) 930. TheWAS 930 can be configured to operate with any operating system. However,one commercial embodiment runs a hardened version of Linux 2.4.18. Theoperating system running on the WAS appliance can be hardened in thefollowing ways:

[0106] 1) The engineering staff applies security kernel patches, system patches and application patches.

[0107] 2) All processes run under an unprivileged user, including application processes, application server processes, protocol modules and database server processes.

[0108] 3) All unnecessary services, including network services such as telnet, ftp, line printer, etc. are removed from the system, if possible, or disabled.

[0109] 4) A netfilter IP-tables firewall process is created and configured to remove access to unwanted and unneeded processes, applications and ports.

[0110] 5) Access to any process—most importantly the terminal services, file transfer services and database administration services—is conducted over an encrypted connection (SSH2) and negotiated through public key exchange.

[0111] 6) Additionally, inherently non-encrypted services (like database administration services) are conducted over an SSH2 tunneled connection.

[0112] 7) All internal services are conducted over an access-controlled loopback service.

[0113] 8) All file system, application and system services are set to deny access by default.

[0114] 9) All elements within the file system are set to read-only and accessed by an unprivileged user.

[0115] 10) Buffer overruns, unchecked variables and other application weaknesses are protected against.

[0116] 11) Access to the cryptographic keys and database passwords is via a protected process. The keys and passwords never appear in plain text on the file system.

[0117] Additionally, in this embodiment, the WAS 930 uses mainly JAVA-based server components and application components. The underlying database 935 is an embedded version of Sybase, which is self-contained and does not require database administration. The WAS database 935 is a database of domains, devices, users, and protocol modules.

[0118] In order for the WAS 930 to communicate with network clients 950, the WAS 930 has installed the appropriate protocol modules. One embodiment supports Remote Authentication Dial In User Service (RADIUS) and a proprietary wireless authentication system protocol.

[0119] RADIUS is a standard TCP/IP based service for authorization and access control. The RADIUS protocol is detailed within the Internet Engineering Task Force RFC 2865 with additional information provided by RFCs 2866 to 2869. The RADIUS protocol can be less secure than proprietary protocols since it utilizes a MAC encoding of the packets within the protocol exchange. Consequently, it is normally utilized on trusted networks, e.g., corporate Intranets, or to support standard VPN and dial-in clients. RADIUS is supported by Microsoft's RAS, Cisco's routing and firewall software as well as by most of the terminal and PPP device makers. The WAS 930 can fully support RADIUS authentication and, less fully, RADIUS accounting and proxy features.

[0120] The proprietary protocol is encrypted for the verification of passcodes from certain network clients 950. The proprietary protocol can be more secure than RADIUS since it can utilize full asymmetric payload and transport encryption, but it requires use of an application component to be implemented within a network client 950. Typically, the component is a JAVA bean that can be integrated into a website, a web application, a client-server application or as a forwarding service within an LDAP service.

[0121] In addition, the WAS 930 can offer a web-based administrative utility for the management of the server components. The WAS 930 can provide a fully web-enabled administration utility to create, modify, enable and disable each of the components utilized. Most of the WAS 930 administration is completed using an administration application. This entirely web-based system provides administration of wireless devices 922, security domains, users 910, protocol modules, network clients 950 and preferences. In addition, the application provides access to logs, reports, statistics and help.

[0122] Network clients 950 provide network services on the wired network channel 914. They can vary greatly in their implementation, depending on the requirements of the organization that deploys the wireless authentication system 900. For example, a network client 950 can be a firewall that provides VPN services to a partner extranet (via RADIUS) or a private website that provides sales support services (via a proprietary protocol over SSL). The options are limitless as long as the network client implements either RADIUS (as most network devices), a proprietary protocol through an application component, or other future standard protocols adopted for authentication or access control.

[0123] The network clients 950 are accessed by users 914 desiring access to a network service on a wired network 914. The WAS 930 employs the mobile network 912 for receiving the passcodes for authorization into intranets, VPNs, and highly secure websites. The passcode reception process and passcode provision process are conducted over two separate and distinct channels. One channel is the untrusted wireless network 912 (or trusted private wireless network for telecoms), while the other is an untrusted or trusted wired network 914. Strong encryption should be utilized when transmission takes place on an untrusted network. In short, the passcode is received on one band by the wireless device 922 and provided on another by any separate computing device 926 that can access the wired network 914. The transfer between the bands is accomplished manually by the user 910.

[0124] In order to gain access to a secure network resource, the user 910 initiates a passcode request by selecting a domain and entering a PIN for the selected domain. The PIN was created during a registration process discussed later in greater detail. The wireless device application generates the passcode request. The passcode request consists of a payload that includes a device identification (device ID), the PIN, and a server identification (server ID) encrypted with the general server key provided in the registration process. The passcode request is transmitted to the wireless authentication server (WAS) 930 over an encrypted SSL connection.

[0125] After receiving the passcode request, the WAS 930 decrypts the request with its local server key. The server looks up in an associated database 935 the requesting wireless device for the selected domain using the device ID and verifies the PIN.

[0126] In addition, the WAS 930 may use location information as part of the authentication process. A wireless network 912 can provide geographic location information by using triangulation of the originating communication. The triangulation can be accomplished by the signal strengths received at various network towers 990 in the wireless network system 912. Furthermore, many wireless devices include a built-in GPS location service that uses the known GPS system 980. Consequently, these enabled wireless devices 922 can provide exact location information. A user 910 can specify valid geographic boundaries for the origination of a passcode request such as an office, residence, airport, city, state, or other geographic area. Likewise, a user 910 can specify time ranges for a valid request such as weekdays during normal work hours. Clearly, geographic location and a time range can be merged such that a valid request can be from an office during normal work hours and a residence during off hours. Furthermore, usage patterns can be tracked and deviations from a pattern can trigger additional security requirements.

[0127] If the authenticating information is validated, the WAS 930 creates a passcode that is encrypted with the general device key. The passcode is time stamped and valid for only a predetermined time period based upon the security requirements of the domain. Typically, a passcode is valid only for 60 or 90 seconds. However, it is conceivable passcodes could be valid up to a month or more depending on the sensitivity of the network resource. The WAS 930 returns the passcode to the wireless device 922 via SSL.

[0128] When the passcode is received, the message is decrypted with the device local key. This key is unique to the domain and has never been transmitted from the device 922. The passcode is displayed on the device 922 and the user 910 can use the passcode to gain access to the network service 950.
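The server-side half of the passcode request and verification flow described in [0124] through [0128] (and the time-range factor from [0126]), written out as an added example; this is not the code of the commercial embodiment or of the patent. It assumes a primary identification of (device ID, domain) bound at registration to a salted PIN hash and a user ID, and a secondary identification of (user ID, domain) under which the issued passcode is held until the network client submits it. The NTRU payload encryption of the text is out of scope here: `request_passcode` returns the plaintext passcode the WAS would encrypt with the general device key before sending it over the wireless channel. The PIN hashing, the 8-digit passcode format and the `allowed_hours` policy are illustrative choices, not details from the page.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class DeviceRecord:
    """What the WAS keeps per (device ID, domain): never the PIN itself."""
    pin_hash: bytes
    salt: bytes
    user_id: str                      # user bound to the device at registration
    allowed_hours: tuple = (0, 24)    # assumed time-range policy: [start_hour, end_hour) UTC


@dataclass
class IssuedPasscode:
    passcode: str
    issued_at: float
    ttl: int
    used: bool = False


class WAS:
    """Passcode issuer/verifier; `now` is injectable so expiry can be tested."""

    def __init__(self, ttl_seconds=60, now=time.time):
        self.ttl = ttl_seconds
        self.now = now
        self.devices = {}     # primary identification (device_id, domain) -> DeviceRecord
        self.passcodes = {}   # secondary identification (user_id, domain) -> IssuedPasscode

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def register(self, device_id, domain, pin, user_id, allowed_hours=(0, 24)):
        """Registration outcome: device ID + domain bound to a PIN and to a user ID."""
        salt = secrets.token_bytes(16)
        self.devices[(device_id, domain)] = DeviceRecord(
            self._hash_pin(pin, salt), salt, user_id, allowed_hours)

    def request_passcode(self, device_id, domain, pin):
        """Wireless channel: look up the device for the domain, verify the PIN and
        the time-range policy, then issue a time-stamped passcode. Returns None on
        any failure so the caller cannot distinguish unknown device from bad PIN."""
        rec = self.devices.get((device_id, domain))
        if rec is None:
            return None
        if not hmac.compare_digest(self._hash_pin(pin, rec.salt), rec.pin_hash):
            return None
        hour = time.gmtime(self.now()).tm_hour
        start, end = rec.allowed_hours
        if not (start <= hour < end):
            return None
        code = "".join(secrets.choice("0123456789") for _ in range(8))
        self.passcodes[(rec.user_id, domain)] = IssuedPasscode(code, self.now(), self.ttl)
        return code

    def verify_passcode(self, user_id, domain, suspect):
        """Wired channel: the network client submits user ID + passcode. Accept only
        an unexpired, unused passcode that matches under a constant-time compare."""
        entry = self.passcodes.get((user_id, domain))
        if entry is None or entry.used:
            return False
        if self.now() - entry.issued_at > entry.ttl:
            del self.passcodes[(user_id, domain)]
            return False
        if not (isinstance(suspect, str) and suspect.isascii()):
            return False
        ok = hmac.compare_digest(entry.passcode, suspect)
        if ok:
            entry.used = True          # one passcode, one login
        return ok
```

The two lookups deliberately use different keys: the wireless side only ever sees the device ID and PIN, the wired side only the user ID and passcode, which is what makes the two channels independent factors. Expired entries are dropped on first touch rather than by a background sweep, which keeps the example self-contained.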

[0129] Before a wireless device 922 can communicate with the WAS 930, the device 922 is first registered within the WAS 930 and associated with a security domain. In this commercial embodiment, each supported security domain requires approximately 1200 bytes of storage on the wireless device 922. There are two main methods for registering a device 922:

[0130] If the domain is configured for auto-registration, the wireless device 922 can request registration through the client application. First, the user 910 uses the client application to request that the device 922 be added to the WAS 930 and security domain in question. A server code is entered by the user 910. This server code can be provided by a technical security staff or automatically displayed to the user 910 upon successful entry into an existing security system. Once this 12-digit server code has been entered into the device 922, the user 910 establishes a PIN for the domain connection. A separate PIN can be provided for each domain, and it is recommended that the user 910 establish unique PINs for each domain. At this point in the process, the general device key that was generated in the key generation process is provided to the WAS 930. The WAS 930 will then record the cryptographic key and provide the domain's general key, a unique identifier for the instance of the device within the security domain and a large registration code. Additionally, the server 930 will generate a second set of keys unique for that particular client device 922 in the security domain for offline passcode verification.

[0131] The registration code is a one-use temporary element. It is not a passcode or password and cannot be used for access into a network resource 950. Instead, the registration code is used to associate the wireless device 922 with a known user 910 within a trusted system. It is possible that the association can take place outside of the wireless authentication system 900; however, in most cases, it will be on a registration website within the administration system. When the user 910 goes to the registration website (or other registration system), the user 910 may be required to enter an existing user ID, identifying information, and the registration code. The identifying information is the credentials that are acceptable to the network client for validating a user 910. This process associates the wireless device 922 with the user 910, verifies the wireless device 922 as valid within the security domain and activates the wireless device 922 within the security domain.

[0132] If the domain is not configured for auto-registration, much of the auto-registration process is still followed. The key exchange is the same. One major difference is in the final registration step. Instead of the user 910 completing this step, the administrator of the WAS 930 would associate the wireless device 922 with the user ID and security domain and enable it. The manual process can be used when an existing user 910 joins the system 900 and continuity with the existing system is desired.

[0133] The WAS 930 stores named users and associates each user 910 with a device 922 and a security domain. This process allows for login within a network service, whether it is via a RADIUS-based VPN, secure website, or any other service that is provided by a network client 950.

[0134] The WAS 930 contains a database 935 of domains, devices, users, and protocol modules. Additionally, the WAS 930 also offers a web-based administrative utility for the management of these components. For each instance of authorization, the WAS 930 runs under a particular security domain. The security domain is intended to segregate users 910 with respect to access and services. For example, Intranet access may be provided with one domain, partner extranet access with another, and public Internet (Website) access with a third. Separate security policies can be provided for each domain and access can be granted on a device/individual user basis. Unlike other systems, the client for each domain (the wireless device 922) is the same. Upon creation, each domain generates a key pair for payload encryption within the passcode request/passcode reception process. These keys are the domain local key and the domain general key and are exchanged in the registration process.

[0135] The cryptographic signature or device profile for each wireless device 922 is stored within the WAS 930 and associated with a domain 950 and user 922. In the case of encrypted mode (recommended since the wireless network 912 is untrusted), the cryptographic signature is a 1024 bit-equivalent general device key as generated in the registration. This strong, asymmetric encryption key is generated on the device 922 and serves to identify a valid device 922 within the security domain and to provide payload security during the reception of passcodes. The device 922 also receives, stores and utilizes the public key of the WAS 930, which is provided by the server 930 during the registration process. Once these keys are exchanged and the device-domain PIN established, the wireless device 922 becomes a registered or trusted device.

[0136] When the application is started for the first time, the application automatically generates a key pair: a local device key and a general device key. These keys are used for the decryption of the payload from the WAS 930 and identification of the device 922. The keys are asymmetric, and the strength of the key pair is approximately equivalent to RSA 1024 bits. The time for the key generation process averages 14 seconds.

[0137] The commercial embodiment uses the NTRU algorithm from NTRU Cryptosystems, Inc. for this key generation and in turn for the payload encryption. It is generally accepted that the encryption strength of the NTRU modified lattice algorithm is approximately the same as existing elliptic curve or RSA asymmetric algorithms. However, with the inferior computing power of wireless devices 922, the NTRU algorithm is superior because it is much, much faster when running on the device 922. For security reasons, it is preferred that the key generation be completed on the device 922, not on a PC 926 or server and transferred to the device 922. In this way the local device key never leaves the device 922 and is not subject to interception, electronic copying or redistribution. Thus, the wireless device 922 functions similarly to a smart card. But unlike a smart card, it does not require a wired reader, which greatly reduces the cost of implementation and greatly increases portability.

[0138] When a security domain is created within the WAS 930, two keys are generated for the domain: 1) the server local key {SK¹} and 2) the general server key {SK²}. These keys roughly relate to the security domain's public and private key respectively; however, terminology used by the NTRU algorithm does not match RSA's terminology precisely. At the initiation of the client application the device creates a key pair: the local device key {CK¹} and the general device key {CK²}.

[0139] When communication is initiated by an unregistered device 922, the device 922 communicates with the WAS 930 based on the “server code” {SC} entered by the user 910. This code is either a zero-padded IP address representing the address on the Internet or a 12-digit alias within the system's net namespace (for ASP services). After resolving the address {RA} of the target, the device will request the following URL and POST {CK²} to <stdin> via https:

[0140] https://<{SC}|{RA}//wikid/servlet/InitDeviceS?a=0&S={SC}

[0141] The server 930 expects exactly 255 bytes for the {CK²}. The server 930 will encrypt the following message:

[0142] CK²{[UTF encoded string][int][int][long][int][bytes]}

[0143] Corresponding to:

[0144] CK²{[domain name][minPIN][PIN TTL][deviceID({DID})][SK² length][{SK²}]}

[0145] The typical length of the reply (after expansion) is approximately 3526 bytes depending on configuration and length of {SK²}. The device should decrypt the string with {CK¹} and prompt for a PIN, utilizing the minPIN. The PIN selection is then encrypted with {SK²} and POSTed to:

[0146] https://<{SC}|{RA}/wikid/servlet/InitDevicesS?a=1&d={DID}&s={SC}

[0147] The server will expect 251 bytes on <stdin>. The server decrypts with {SK¹} and verifies. Then, the server replies with the following encrypted message:

[0148] CK²{[reg code {RC}]}

[0149] Typical length is 263 bytes (251 bytes+[http overhead]). The device should enable and display the domain name. In order to increase the system security, the PIN and {RC} are not stored on the device in case of theft. The wireless device 922 is not enabled until the registration is complete on the second, wired channel network 914. The remainder of the registration generally takes place within the wired channel network 914.

[0150] Without strong encryption, the system 900 would not be as secure as current two-factor systems. Simply put, the weakness of using an untrusted network channel, namely the wireless network, is significant without strong cryptography. Therefore, the client software employs standard 128-bit SSL for transport security. In addition, the wireless authentication system 900 encrypts the payload of the passcode request and passcode reception as previously noted. This allows for process-to-process encryption in addition to the application-to-network service encryption provided by SSL. On the Java phones SSL is supported by the MIDP system; on the BLACKBERRY it is accomplished with a proprietary MOBITEX gateway.

[0151] Network clients 950 provide network services on the wired network channel 914. They can vary greatly in their implementation, depending on the requirements of the organization that deploys the wireless authentication system 900. For example, a network client 950 can be a firewall that provides VPN services to a partner extranet (via RADIUS) or a private website that provides sales support services (via a proprietary protocol over SSL). Those skilled in the art will acknowledge that the options are limitless. However, for a network client 950 to become active within the WAS security domain, it is first registered. The registration of network clients is accomplished through the administration system.

[0152] In the commercial embodiment, it is the responsibility of the network client 950 to provide passcodes via a computer network 916 for verification by the WAS 930. Typically, the network client 950 will provide to the WAS 930 the passcode and the user ID. The network client 950 does not verify the code itself; instead it provides the code to the WAS 930 through the chosen protocol. When the result (acceptance or denial) of the code is returned from the WAS 930 via the computer network 916, the network client 950 acts upon the acceptance (or denial). In the case of RADIUS devices, the network devices 950 are by design programmed to act on the acceptance or denial of the code. In the case of network clients 950 using a proprietary protocol, the appropriate access granting action should also be taken.

[0153] Turning to FIG. 10, illustrated is a commercial embodiment for offline passcode verification. Offline passcode verification is utilized when the wireless network 1012 is not accessible. This state may be due to the user 1010 being out of range of the wireless network 1012 or for other reasons.

[0154] When the WAS 1030 cannot be reached by a wireless device 1022, the offline verification process can be instituted by the network client 1050. Based on the user's action, the network client can request a challenge code from the WAS 1030, rather than requesting a passcode verification. This action can be taken in response to the user 1010 not providing any response to a passcode input field over a computer network 1014 from a computing device 1026.

[0155] Upon receiving a null code for the passcode, the WAS 1030 provides a large (usually 12 digit) code for the challenge code to the network client 1050 over a computer network 1016. The network client 1050, in turn, displays the challenge code to the user 1010.

[0156] The user 1010 runs a client application on the wireless device 1022 in offline mode and enters the challenge code into the device 1022. The device 1022 assembles the following message: [general device key|PIN for domain|challenge code] (separators are shown for readability) and encrypts it with a secondary general server key used only for offline verification. This key pair is specific to the wireless client 1022 and the security domain. The encrypted payload is hashed with SHA1 producing a 20 byte string of ASCII characters. The string is base62 encoded and displayed to the user 1010.

[0157] The user 1010 then returns to the process associated with the network client 1050, such as web page login or terminal server login, and enters the resulting message as an answer to the challenge.

[0158] The challenge answer is provided by the network client 1050 to the WAS 1030 over an encrypted (or in the case of RADIUS, encoded and through CHAP) connection 1016. The WAS 1030 decrypts the message with the server local key for offline verification, repeats the message creation above and compares the SHA1 hash. The result of the challenge verification is returned to the network client 1050. Based upon the result, the network client 1050 can grant or deny access.
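The offline challenge-response of [0154] through [0158], both the device-side answer computation and the WAS-side recomputation, as an added example that is not code from the patent or the commercial embodiment. Because the WAS verifies by repeating the message creation and comparing the SHA1 hash, the "encryption with the secondary general server key" must be reproducible by both sides; this example assumes an HMAC-SHA256 under a per-device, per-domain offline key as that deterministic keyed step, which is a stand-in for the NTRU operation in the text. The base62 alphabet, the `|` delimiter and the stored-record shape are assumptions; the 12-digit challenge, the SHA1 digest and the base62 display come from the page.

```python
import hashlib
import hmac
import secrets

# Assumed base62 alphabet (digits, upper, lower); the page does not specify one.
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"


def base62_encode(data: bytes) -> str:
    """Encode a byte string as a base62 integer, most significant digit first."""
    n = int.from_bytes(data, "big")
    if n == 0:
        return ALPHABET[0]
    out = []
    while n:
        n, r = divmod(n, 62)
        out.append(ALPHABET[r])
    return "".join(reversed(out))


def offline_answer(general_device_key: bytes, pin: str, challenge: str, offline_key: bytes) -> str:
    """Device side ([0156]): [general device key|PIN|challenge], keyed transform, SHA1, base62."""
    message = b"|".join([general_device_key, pin.encode(), challenge.encode()])
    # Assumption: HMAC-SHA256 stands in for the deterministic encryption with the
    # secondary general server key; both sides must be able to reproduce it.
    sealed = hmac.new(offline_key, message, hashlib.sha256).digest()
    digest = hashlib.sha1(sealed).digest()      # 20 bytes, as stated in [0156]
    return base62_encode(digest)


class OfflineVerifier:
    """WAS side ([0155], [0158]): issue one challenge per login, verify once, then forget it."""

    def __init__(self):
        # (user_id, domain) -> (general_device_key, pin, offline_key); simplified: the
        # real WAS stores whatever it needs to repeat the message creation, not a bare PIN.
        self.devices = {}
        self.challenges = {}   # (user_id, domain) -> outstanding challenge code

    def enroll(self, user_id, domain, general_device_key, pin, offline_key):
        self.devices[(user_id, domain)] = (general_device_key, pin, offline_key)

    def issue_challenge(self, user_id, domain):
        """Null passcode received: hand the network client a fresh 12-digit challenge."""
        challenge = "".join(secrets.choice("0123456789") for _ in range(12))
        self.challenges[(user_id, domain)] = challenge
        return challenge

    def verify_answer(self, user_id, domain, answer):
        """Recompute the expected answer for the outstanding challenge and compare.
        The challenge is consumed on the first attempt, right or wrong."""
        challenge = self.challenges.pop((user_id, domain), None)
        rec = self.devices.get((user_id, domain))
        if challenge is None or rec is None:
            return False
        if not (isinstance(answer, str) and answer.isascii()):
            return False
        expected = offline_answer(rec[0], rec[1], challenge, rec[2])
        return hmac.compare_digest(expected, answer)
```

Consuming the challenge on any attempt is what keeps the answer single-use: a captured answer is worthless once the WAS has forgotten the challenge it was computed for, and a guesser gets one try per challenge rather than unlimited tries against the same one.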

[0159] In view of the foregoing detailed description of preferred embodiments of the present invention, it readily will be understood by those persons skilled in the art that the present invention is susceptible of broad utility and application. While various aspects have been described in particular contexts of use, the aspects may be useful in other contexts as well. Many embodiments and adaptations of the present invention other than those herein described, as well as many variations, modifications, and equivalent arrangements, will be apparent from or reasonably suggested by the present invention and the foregoing description thereof, without departing from the substance or scope of the present invention. Furthermore, any sequence(s) and/or temporal order of steps of various processes described and claimed herein are those considered to be the best mode contemplated for carrying out the present invention. It should also be understood that, although steps of various processes may be shown and described as being in a preferred sequence or temporal order, the steps of any such processes are not limited to being carried out in any particular sequence or order, absent a specific indication of such to achieve a particular intended result. In most cases, the steps of such processes may be carried out in various different sequences and orders, while still falling within the scope of the present inventions. Accordingly, while the present invention has been described herein in detail in relation to preferred embodiments, it is to be understood that this disclosure is only illustrative and exemplary of the present invention and is made merely for purposes of providing a full and enabling disclosure of the invention. The foregoing disclosure is not intended nor is to be construed to limit the present invention or otherwise to exclude any such other embodiments, adaptations, variations, modifications and equivalent arrangements, the present invention being limited only by the claims appended hereto and the equivalents thereof.

What is claimed is:
 1. In a system wherein both a PIN of a userauthorized to access a network resource and a first key of an asymmetrickey pair of the authorized user are maintained in association with afirst primary identification by an authentication authority such thateach of the PIN and the first key are retrievable based on the firstprimary identification, a method performed by the authenticationauthority whereby the authorized user gains access to the networkresource from an access authority with a passcode, the method comprisingthe steps of: (a) receiving the first primary identification and asuspect PIN from a suspect user; (b) authenticating the first primaryidentification by considering at least one authentication factor,including comparing the suspect PIN with the PIN of the authorized usermaintained in association with the first primary identification by theauthentication authority; and (c) following a successful authenticationof the first primary identification, (i) generating the passcode, (ii)encrypting the passcode using the first key of the asymmetric key pairof the authorized user, and (iii) communicating the encrypted passcodeto the suspect user for subsequent decryption and presentation to theaccess authority.
 2. The method of claim 1, further comprising the stepsof: (a) receiving a suspect passcode from the access authority; (b)comparing the suspect passcode with the passcode that was encrypted andcommunicated to the suspect user by the authentication authority; and(c) communicating an indication of a result of the comparison to theaccess authority.
 3. The method of claim 2, wherein the passcode must bereceived within a predetermined amount of time after being generated inorder to gain access to the network resource.
 4. The method of claim 3,wherein the predetermined period of time is less than ninety seconds. 5.The method of claim 3, wherein the predetermined period of time isarbitrarily configurable by an administrator of the authenticationauthority.
 6. The method of claim 1, wherein the authorized user gainsaccess to the network resource over a communications network and whereinsaid step of receiving the first primary identification and suspect PINincludes receiving the first primary identification and suspect PIN overan ancillary communications network.
 7. The method of claim 6, whereinthe communications network is the Internet.
 8. The method of claim 6,wherein the communications network is an intranet.
 9. The method ofclaim 6, wherein the communications network is an untrusted network. 10.The method of claim 6, wherein communications over the communicationsnetwork are encrypted.
 11. The method of claim 6, wherein the ancillarycommunications network is a telecommunications network.
 12. The methodof claim 6, wherein the ancillary communications network is a trustednetwork.
 13. The method of claim 1, wherein biometric information of theauthorized user further is maintained in association with the firstprimary identification such that the biometric information isretrievable based on the first primary identification, and wherein saidstep of considering at least one authentication factor by theauthentication authority further includes comparing suspect biometricinformation received with the first primary identification with thebiometric information of the authorized user maintained in associationwith the first primary identification by the authentication authority.14. The method of claim 13, wherein the biometrical informationrepresents a physical characteristic of the authorized user.
 15. Themethod of claim 14, wherein the biometric information represents a voicepattern of the user.
 16. The method of claim 14, wherein the biometricinformation represents a retina pattern of the user.
 17. The method ofclaim 14, wherein the biometric information represents a fingerprint ofthe user.
 18. The method of claim 1, wherein a geographical location forthe authorized user is maintained in association with the first primaryidentification such that the geographical location is retrievable basedon the first primary identification, and wherein said step ofconsidering at least one authentication factor by the authenticationauthority further includes comparing a geographical location identifiedas the origin of communication of the suspect PIN with the geographiclocation maintained in association with the first primary identificationby the authentication authority.
 19. The method of claim 1, wherein atime range for the authorized user is maintained in association with thefirst primary identification such that the time range is retrievablebased on the first primary identification, and wherein said step ofconsidering at least one authentication factor by the authenticationauthority further includes comparing with the time range with a time ofreceipt of the first primary authentication and the suspect PIN.
 20. Themethod of claim 1, wherein the first primary identification comprises adevice ID.
 21. The method of claim 20, wherein the device ID is anidentification of a personal communications device.
 22. The method ofclaim 21, wherein the personal communications device comprises a PDA.23. The method of claim 21, wherein the personal communications devicecomprises a wireless device.
 24. The method of claim 21, wherein thepersonal communications device comprises a GPS device.
 25. The method ofclaim 21, wherein the personal communications device comprises aJAVA-enabled device.
 26. The method of claim 21, wherein the personalcommunications device comprises a mobile phone.
 27. The method of claim21, wherein the personal communications device comprises a two-way pagerdevice.
 28. The method of claim 1, wherein the first primaryidentification includes a domain ID.
 29. The method of claim 1, whereinthe first primary identification comprises a combination of a device IDand a domain ID.
 30. The method of claim 29, wherein the suspect PIN isreceived encrypted with a first key of an asymmetric key pair of theauthentication authority, the key pair of the authentication authoritybeing generally unique to the domain ID.
 31. The method of claim 29,wherein the passcode communicated to the suspect user is furthermaintained by the authentication authority such that the passcode isretrievable based on a first secondary identification.
 32. The method ofclaim 31, wherein the first secondary identification comprises thecombination of (i) a user ID that represents an identification of theauthorized user to the access authority and (ii) the domain ID.
33. The method of claim 29, wherein the authorized user is additionally authorized to access a second network resource, and wherein both a second PIN of the authorized user and a first key of a second asymmetric key pair of the authorized user are maintained by the authentication authority in association with a second primary identification such that each of the second PIN and the first key of the second key pair of the authorized user are retrievable based on the second primary identification.
34. The method of claim 33, wherein a first key of a second asymmetric key pair of the authentication authority is maintained by the authentication authority in association with a second domain ID such that the first key of the second asymmetric key pair of the authentication authority is retrievable based on the second ID, the second key pair of the authentication authority being generally unique to the second domain ID.
35. The method of claim 33, further comprising the steps of, (a) receiving the second primary identification and a suspect second PIN; (b) authenticating the second primary identification by considering at least one authentication factor, including comparing the suspect second PIN with the second PIN of the authorized user maintained in association with the second primary identification by the authentication authority; and (c) following a successful authentication of the second primary identification, (i) generating a second passcode, (ii) encrypting the second passcode using the first key of the second asymmetric key pair of the authorized user, and (iii) communicating the encrypted second passcode to the suspect user for subsequent decryption.
36. The method of claim 33, wherein the second primary identification comprises a combination of the device ID and the second domain ID.
37. The method of claim 33, wherein the second passcode communicated to the suspect user is further maintained by the authentication authority such that the second passcode is retrievable based on a second secondary identification.
38. The method of claim 37, wherein the second secondary identification comprises a combination of (i) a second user ID that represents an identification of the authorized user to an access authority with respect to the second network resource, and (ii) the second domain ID.
39. Computer-readable medium having computer-executable instructions for performing the steps of claim 1.
40. Computer-readable medium having computer-executable instructions for performing the steps of claim 2.
41. Computer-readable medium having computer-executable instructions that perform a method comprising the steps of: (a) maintaining a PIN of an authorized user of a network resource and a first key of an asymmetric key pair of the authorized user in association with a primary identification such that each of the PIN and the first key are retrievable based on the primary identification; (b) retrieving the PIN of the authorized user based on the primary identification received over an ancillary communications network and comparing the retrieved PIN with a suspect PIN also received over the ancillary communications network with the primary identification; (c) generating a passcode and encrypting the passcode using the first key of the asymmetric key pair of the authorized user for communicating back over the ancillary communications network; (d) maintaining the passcode in association with a secondary identification such that the passcode is retrievable based on the secondary identification; and (e) retrieving the generated passcode based on the secondary identification that is received and comparing the retrieved passcode with a suspect passcode also received with the secondary identification.
42. The computer-readable medium of claim 40, wherein the method further includes the step of communicating an indication of a result of the passcode comparison.
43. The computer-readable medium of claim 40, wherein the method further includes the step of receiving the secondary identification and suspect passcode from an access authority that grants to a suspect user access to the network resource based on the passcode comparison.
44. The computer-readable medium of claim 40, wherein the ancillary communications network is a telecommunications network.
45. The computer-readable medium of claim 40, wherein the ancillary communications network is a trusted network.
46. The computer-readable medium of claim 40, wherein the method further comprises the steps of maintaining biometric information of the authorized user in association with the primary identification such that the biometric information is retrievable based on the primary identification, and comparing suspect biometric information received with the primary identification over the communications medium with the biometric information of the authorized user maintained in association with the first primary identification.
47. The computer-readable medium of claim 40, wherein the method further comprises the steps of maintaining geographical location for the authorized user in association with the primary identification such that the geographical information is retrievable based on the primary identification, and comparing a geographical location identified as the origin of communication of the suspect PIN received with the primary identification with the geographic location maintained in association with the primary identification.
48. The computer-readable medium of claim 40, wherein the method further comprises the step of maintaining a second PIN of the authorized user and a first key of another asymmetric key pair of the authorized user in association with a second primary identification such that each of the second PIN and the first key of the second pair are retrievable based on the second primary identification.
49. A computer system including the computer-readable medium of claim 40.
50. In a system wherein both a PIN of a user authorized to access a network resource and a first key of an asymmetric key pair generally unique to a personal communications device of the authorized user are maintained by an authentication authority in association with an identifier such that each of the PIN and the first key are retrievable based on the identifier, a method performed by the authentication authority whereby the authorized user gains access to the network resource from an access authority, the method comprising the steps of: (a) with respect to a suspect user seeking to gain access to the network resource from the access authority, receiving a challenge request from the access authority in association with an identifier; (b) in response to the challenge request, communicating a challenge to the access authority; (c) receiving from the access authority a challenge response and the identifier; and (d) authenticating the identifier by comparing the challenge response to a function of, (i) the challenge; (ii) the PIN maintained by the authentication authority in association with the identifier; and (iii) the first key maintained by the authentication authority in association with the identifier.
51. The method of claim 51, wherein the key pair is generated by the authentication authority and the first key of the key pair is communicated by the authentication authority to the personal communications device of the authorized user.
52. The method of claim 51, wherein the first key is communicated to the personal communications device of the authorized user upon initial receipt of the PIN from the authorized user for maintaining in association with the identifier.
53. The method of claim 51, wherein the function includes hashing of the (i) challenge, (ii) PIN, and (iii) first key of the asymmetric pair that is generally unique to the user device and that was provided by the authentication authority, as well as (i) a first key of an asymmetric key pair that is generally unique to the user device but that was generated within the device and not provided by the authentication authority.
54. The method of claim 51, wherein the identifier includes a user ID that identifies the authorized user to the access authority.
55. The method of claim 51, wherein the identifier comprises (i) a user ID that identifies the authorized user to the access authority, and (ii) a domain ID that identifies the access authority to the authentication authority.
56. The method of claim 51, wherein the personal communications device comprises a PDA.
57. The method of claim 51, wherein the personal communications device comprises a wireless device.
58. The method of claim 51, wherein the personal communications device comprises a GPS device.
59. The method of claim 51, wherein the personal communications device comprises a JAVA-enabled device.
60. The method of claim 51, wherein the personal communications device comprises a mobile phone.
61. The method of claim 51, wherein the personal communications device comprises a two-way pager device.
62. The method of claim 51, wherein the first key is communicated over an ancillary communications network and the challenge request is received over a communications network.
63. The method of claim 62, wherein the communications network comprises the Internet.
64. The method of claim 62, wherein the communications network comprises an intranet.
65. The method of claim 62, wherein the communications network comprises an untrusted network.
66. The method of claim 62, wherein communications over the communications network are encrypted.
67. The method of claim 62, wherein the ancillary communications network comprises a telecommunications network.
68. The method of claim 62, wherein the ancillary communications network is a trusted network.
69. Computer-readable medium having computer-executable instructions for performing the steps of claim 51.
70. A method for gaining access by a user to a network resource, comprising the steps of: (a) communicating a PIN and a first primary identification over an ancillary communications network to an authentication authority; (b) receiving an encrypted passcode over the ancillary communications network from the authentication authority; (c) decrypting the passcode using a key of an asymmetric key pair; and (d) communicating the passcode and a user ID over a communications network to an access authority.
71. The method of claim 70, further comprising the step of communicating biometric information in addition to the PIN and first primary identification over the ancillary communications network.
72. The method of claim 70, wherein the communications network comprises the Internet.
73. The method of claim 70, wherein the communications network comprises an intranet.
74. The method of claim 70, wherein the communications network comprises an untrusted network.
75. The method of claim 70, wherein communications over the communications network are encrypted.
76. The method of claim 70, wherein the ancillary communications network is a telecommunications network.
77. The method of claim 70, wherein the ancillary communications network is a trusted network.
78. The method of claim 70, wherein the PIN and first primary identification are communicated over the ancillary communications network using a personal communications device.
79. The method of claim 78, wherein the personal communications device comprises a PDA.
80. The method of claim 78, wherein the personal communications device comprises a wireless device.
81. The method of claim 78, wherein the personal communications device comprises a GPS device.
82. The method of claim 78, wherein the personal communications device comprises a JAVA-enabled device.
83. The method of claim 78, wherein the personal communications device comprises a mobile phone.
84. The method of claim 78, wherein the personal communications device comprises a two-way pager device.
85. The method of claim 78, further comprising the step of manually entering the PIN into the personal communications device for communicating the PIN over the ancillary communications network to the authentication authority.
86. The method of claim 78, wherein the first primary identification includes a device ID of the personal communications device.
87. The method of claim 78, wherein the first primary identification comprises (i) a device ID of the personal communications device and (ii) a domain ID that identifies the access authority to the authentication authority.
88. The method of claim 78, wherein the encrypted passcode is received and decrypted by the personal communications device.
89. The method of claim 78, wherein the key with which the passcode is decrypted is stored within and generally unique to the personal communications device.
90. The method of claim 78, wherein the passcode and user ID are communicated over the communications network using another device different from the personal communications device.
91. The method of claim 90, wherein the other device is a computer of a computer network.
92. The method of claim 90, further comprising the step of manually reading the passcode from a display of the personal communications device for communicating the passcode over the communications network.
93. The method of claim 70, further comprising the steps of: (a) communicating a second PIN and a second primary identification over the ancillary communications network to the authentication authority; (b) receiving a second encrypted passcode over the ancillary communications network from the authentication authority; (c) decrypting the second passcode using a key of a second asymmetric key pair; and (d) communicating the second passcode and a second user ID over the communications network to another access authority.
94. The method of claim 93, wherein the second PIN and second primary identification are communicated over the ancillary communications network using a personal communications device.
95. The method of claim 94, wherein the second primary identification comprises (i) a device ID of the personal communications device and (ii) a second domain ID.
96. Computer-readable medium having computer-executable instructions that perform the method of claim 70.
97. Computer-readable medium having computer-executable instructions that perform a method comprising the steps of: (a) generating an asymmetric key pair generally unique to a domain ID; (b) communicating a first key of the asymmetric key pair in association with a device ID to an authentication authority over an ancillary communications network; (c) receiving a PIN from a user through user-input of the device; (d) communicating the PIN and a first primary identification over the ancillary communications network to the authentication authority; (e) receiving an encrypted passcode over the ancillary communications network from the authentication authority; (f) decrypting the passcode using the second key of the asymmetric key pair, and (g) displaying the passcode to the user.
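The passcode exchange of claim 41 (authentication-authority side) and claim 97 (device side), as an added example that is not part of the patent, with the delivery time window of claims 127 and 128 applied on verification. Textbook RSA over two small constructed primes stands in for the device's asymmetric key pair so the block runs on the standard library alone; the identifiers, PIN, dictionary bindings, and the single-use rule for a passcode are assumptions made for the example. A real deployment would use a padded scheme such as RSA-OAEP from a vetted library and keep the private key in device secure storage, which is the property claim 89 describes.

```python
"""Added example (not the patent's code): passcode issue and verification."""
import hmac
import secrets
import time

# --- toy asymmetric primitive (constructed, illustration only) ---------------
TOY_P, TOY_Q, TOY_E = 999_983, 1_000_003, 65537  # small primes: NOT secure parameters


def toy_keypair(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Return ((n, e), (n, d)): the claims' 'first key' (public) and 'second key' (private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def toy_encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message out of range for toy modulus")
    return pow(m, e, n)


def toy_decrypt(private, c):
    n, d = private
    return pow(c, d, n)


class AuthenticationAuthority:
    """Claim 41(a): PIN and device public key retrievable by primary identification."""

    def __init__(self, window_seconds=90.0):  # claim 128: under ninety seconds
        self.window_seconds = window_seconds
        self.primary = {}    # primary_id -> (pin, device_public, secondary_id)
        self.passcodes = {}  # claim 41(d): secondary_id -> (passcode, issued_at)

    def bind(self, primary_id, pin, device_public, secondary_id):
        # Assumption: the primary->secondary link is the device-ID/user-ID binding of claim 119.
        self.primary[primary_id] = (pin, device_public, secondary_id)

    def issue_passcode(self, primary_id, suspect_pin, now=None):
        """Claim 41(b)-(d): compare PIN, generate passcode, encrypt to device key, store it."""
        rec = self.primary.get(primary_id)
        if rec is None:
            return None
        pin, device_public, secondary_id = rec
        if not hmac.compare_digest(pin.encode(), suspect_pin.encode()):
            return None  # wrong PIN: nothing issued, nothing stored
        passcode = f"{secrets.randbelow(10**6):06d}"
        issued_at = time.time() if now is None else now
        self.passcodes[secondary_id] = (passcode, issued_at)
        return toy_encrypt(device_public, int(passcode))

    def verify_passcode(self, secondary_id, suspect_passcode, now=None):
        """Claim 41(e) within claim 127's time window; single use is an added assumption."""
        rec = self.passcodes.pop(secondary_id, None)
        if rec is None:
            return False
        passcode, issued_at = rec
        now = time.time() if now is None else now
        if now - issued_at > self.window_seconds:
            return False
        return hmac.compare_digest(passcode.encode(), suspect_passcode.encode())


class Device:
    """Claim 97: holds the key pair, decrypts the passcode and shows it to the user."""

    def __init__(self):
        self.public, self._private = toy_keypair()  # private key never leaves the device

    def display_passcode(self, encrypted):
        return f"{toy_decrypt(self._private, encrypted):06d}"


def demo():
    """Constructed end-to-end run; returns (accepted, replay_rejected, expiry_rejected)."""
    dev = Device()
    aa = AuthenticationAuthority()
    aa.bind("dev-123|domain-A", "4321", dev.public, "alice|domain-A")  # constructed IDs
    t0 = 1_700_000_000.0
    enc = aa.issue_passcode("dev-123|domain-A", "4321", now=t0)
    shown = dev.display_passcode(enc)  # the user reads this off the device display
    accepted = aa.verify_passcode("alice|domain-A", shown, now=t0 + 30)
    replay_rejected = not aa.verify_passcode("alice|domain-A", shown, now=t0 + 31)
    late = dev.display_passcode(aa.issue_passcode("dev-123|domain-A", "4321", now=t0))
    expiry_rejected = not aa.verify_passcode("alice|domain-A", late, now=t0 + 120)
    return accepted, replay_rejected, expiry_rejected


if __name__ == "__main__":
    print(demo())
```

The passcode is kept by the authority only until it is compared once or the window elapses, so a passcode captured on the communications network is useful to an attacker for at most ninety seconds and never after the legitimate submission; the PIN comparison uses a constant-time compare so the authority does not leak how many digits matched.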
98. The computer-readable medium of claim 97, wherein the first primary identification comprises the device ID and the domain ID.
99. The computer-readable medium of claim 97, wherein the method includes the further steps of: (a) generating a second asymmetric key pair generally unique to a second domain ID; (b) communicating a first key of the second asymmetric key pair in association with the device ID to the authentication authority over the ancillary communications network; (c) receiving a second PIN from a user through user-input of the device; (d) communicating the second PIN and a second primary identification over the ancillary communications network to the authentication authority; (e) receiving an encrypted second passcode over the ancillary communications network from the authentication authority; (f) decrypting the second passcode using the second key of the second asymmetric key pair; and (g) displaying the second passcode to the user.
100. The computer-readable medium of claim 99, wherein the second primary identification comprises the device ID and the second domain ID.
101. Computer-readable medium having computer-executable instructions that perform a method comprising the steps of, during registration of an authorized user with respect to a network resource: (a) generating a first asymmetric key pair generally unique to a domain ID; (b) communicating a first key of the first asymmetric key pair in association with a device ID of a device to an authentication authority over an ancillary communications network; (c) receiving a first key of an asymmetric key pair of the authentication authority over the ancillary communications network; (d) receiving a PIN from a user through user-input of the device; (e) encrypting the PIN using the first key of the asymmetric key pair of the authentication authority; (f) communicating the encrypted PIN over the ancillary communications network to the authentication authority in association with the device ID; (g) receiving an encrypted registration code over the ancillary communications network from the authentication authority; (h) decrypting the registration code using the second key of the first asymmetric key pair, and (i) displaying the registration code to the user.
102. The computer-readable medium of claim 101, wherein the method further comprises the steps of, following registration of the authorized user: (a) receiving a suspect PIN from a suspect user through the user-input of the device; (b) communicating the suspect PIN and a first primary identification over the ancillary communications network to the authentication authority; (c) receiving an encrypted passcode over the ancillary communications network from the authentication authority; (d) decrypting the passcode using the second key of the first asymmetric key pair; and (e) displaying the passcode to the suspect user.
103. The computer-readable medium of claim 102, wherein the first primary identification comprises the device ID and the domain ID.
104. The computer-readable medium of claim 101, wherein the method further comprises the steps of, during registration of the authorized user with respect to a second network resource: (a) generating a second asymmetric key pair generally unique to a second domain ID; (b) communicating a first key of the second asymmetric key pair in association with the device ID to the authentication authority over the ancillary communications network; (c) receiving a first key of a second asymmetric key pair of the authentication authority over the ancillary communications network; (d) receiving a second PIN from the user through user-input of the device; (e) encrypting the second PIN using the first key of the second asymmetric key pair of the authentication authority; (f) communicating the encrypted PIN over the ancillary communications network to the authentication authority in association with the device ID; (g) receiving an encrypted second registration code over the ancillary communications network from the authentication authority; (h) decrypting the second registration code using the second key of the second asymmetric key pair; and (i) displaying the second registration code to the user.
105. The computer-readable medium of claim 104, wherein the method further comprises the steps of, following registration of the authorized user with respect to the second network resource: (a) receiving a suspect second PIN through the user-input of the device; (b) communicating the suspect second PIN and a second primary identification over the ancillary communications network to the authentication authority; (c) receiving an encrypted second passcode over the ancillary communications network from the authentication authority; (d) decrypting the second passcode using the second key of the second asymmetric key pair; and (e) displaying the second passcode.
106. The computer-readable medium of claim 105, wherein the second primary identification comprises the device ID and the second domain ID.
107. The computer-readable medium of claim 101, wherein the method further comprises the steps of, (a) during registration of the authorized user, receiving a first key of a secondary asymmetric key pair of the authentication authority over the ancillary communications network; and (b) after registration of the authorized user, (i) receiving a challenge from an access authority from which access to the network resource is sought; (ii) receiving a suspect PIN from a suspect user through the user-input of the device; (iii) calculating a challenge response as a function of the challenge, the suspect PIN, and the first key of the secondary key pair of the authentication authority; and (iv) displaying the challenge response to the suspect user.
108. The method of claim 107, wherein the challenge is received through the user-input of the device.
109. The method of claim 107, wherein the function comprises hashing the challenge, suspect PIN, and first key of the secondary key pair of the authentication authority.
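The challenge-response variant described by claims 50 through 53 (authentication-authority side) and claims 107 through 109 (device side), as an added example that is not the patent's code. The claims call the two hashed inputs the "first keys" of asymmetric key pairs, one provided by the authority at registration and one generated within the device; the example treats both as opaque byte strings known to the device and the authority, and the identifier format, the length-prefixed hash encoding, the fresh-challenge-per-request rule and all identities and PINs are constructed assumptions. Whatever form those keys take, a response is only as hard to forge as those values are to obtain, so a key that is published as a public key adds no protection to the hash.

```python
"""Added example (not the patent's code): hashed challenge-response authentication."""
import hashlib
import hmac
import secrets
from typing import Optional


def challenge_response(challenge: bytes, pin: str, authority_key: bytes, device_key: bytes) -> bytes:
    """Claim 53's function: a hash over the challenge, the PIN and both keys.

    Each field is length-prefixed (an added choice) so that moving bytes between
    fields cannot yield the same digest.
    """
    h = hashlib.sha256()
    for part in (challenge, pin.encode(), authority_key, device_key):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


class Device:
    """Personal communications device of claim 107: keeps the keys, never the PIN (claim 111)."""

    def __init__(self, authority_key: bytes, device_key: bytes):
        self._authority_key = authority_key  # received at registration, claim 107(a)
        self._device_key = device_key        # generated within the device, claim 53

    def respond(self, challenge: bytes, pin_entered: str) -> bytes:
        # Claim 107(b)(ii)-(iii): the PIN is typed in per use and not retained.
        return challenge_response(challenge, pin_entered, self._authority_key, self._device_key)


class AuthenticationAuthority:
    """Holds, per identifier, the PIN and both keys (the preamble of claim 50)."""

    def __init__(self):
        self._records = {}      # identifier -> (pin, authority_key, device_key)
        self._outstanding = {}  # identifier -> challenge awaiting its response

    def register(self, identifier: str, pin: str, device_key: bytes) -> bytes:
        """Store the PIN and device key; return the authority-provided key (claims 51-52)."""
        authority_key = secrets.token_bytes(32)
        self._records[identifier] = (pin, authority_key, device_key)
        return authority_key

    def issue_challenge(self, identifier: str) -> Optional[bytes]:
        """Claim 50(a)-(b): answer a challenge request relayed by the access authority."""
        if identifier not in self._records:
            return None
        challenge = secrets.token_bytes(16)  # fresh per request, so a response cannot be replayed
        self._outstanding[identifier] = challenge
        return challenge

    def authenticate(self, identifier: str, response: bytes) -> bool:
        """Claim 50(c)-(d): recompute the function from stored values and compare."""
        challenge = self._outstanding.pop(identifier, None)  # single use (added assumption)
        record = self._records.get(identifier)
        if challenge is None or record is None:
            return False
        pin, authority_key, device_key = record
        expected = challenge_response(challenge, pin, authority_key, device_key)
        return hmac.compare_digest(expected, response)


def demo():
    """Constructed run; returns (accepted, wrong_pin_rejected, replay_rejected)."""
    identifier = "alice|domain-A"         # user ID plus domain ID, as in claim 55
    device_key = secrets.token_bytes(32)  # generated within the device
    aa = AuthenticationAuthority()
    authority_key = aa.register(identifier, "4321", device_key)
    dev = Device(authority_key, device_key)

    ch = aa.issue_challenge(identifier)   # shown to the user by the access authority
    accepted = aa.authenticate(identifier, dev.respond(ch, "4321"))

    ch = aa.issue_challenge(identifier)
    wrong_pin_rejected = not aa.authenticate(identifier, dev.respond(ch, "0000"))

    ch = aa.issue_challenge(identifier)
    good = dev.respond(ch, "4321")
    first = aa.authenticate(identifier, good)
    replay_rejected = first and not aa.authenticate(identifier, good)  # challenge consumed
    return accepted, wrong_pin_rejected, replay_rejected


if __name__ == "__main__":
    print(demo())
```

Because the authority discards each challenge after one comparison, an observer of the communications network who captures a response learns nothing reusable, and a wrong PIN is rejected without revealing which input was wrong.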
110. A method for registering for access by an authorized user with respect to a network resource, comprising the steps of: (a) generating a first asymmetric key pair generally unique to a device of the authorized user, (b) communicating in association with a device ID of the device to an authentication authority over an ancillary communications network both a first key of the first asymmetric key pair and a PIN of the authorized user; (c) receiving an encrypted registration code over the ancillary communications network from the authentication authority; (d) decrypting the registration code using the second key of the first asymmetric key pair of the device; and (e) communicating the registration code to an access authority over a communications network in association with a user ID that identifies the authorized user to the access authority.
111. The method of claim 110, wherein the PIN is not stored within the device following its encryption and communication to the authentication authority and wherein the second key of the key pair of the device is not exported from the device.
112. A system in which an authorized user is registered with an authentication authority for later authenticating of a suspect user seeking to gain access from an access authority to a network resource, comprising the steps of: (a) generating within a device of the authorized user a first asymmetric key pair of the authorized user that is generally unique to the device, and (b) communicating with the device a first key of the first asymmetric key pair in association with a device ID of the device to the authentication authority over an ancillary communications network; (c) by the authentication authority, (i) receiving and maintaining the first key in association with the device ID, and (ii) communicating to the device of the authorized user over the ancillary communications network a first key of a first asymmetric key pair of the authentication authority that is unique to a domain ID; (d) by the authorized user, (i) encrypting with the device using the first key of the asymmetric key pair of the authentication authority a PIN of the authorized user that is entered into the device, and (ii) communicating the encrypted PIN in association with the device ID to the authentication authority over the ancillary communications network; (e) by the authentication authority, (i) decrypting the PIN and maintaining the PIN in association with the device ID and the domain ID, (ii) encrypting using the first key associated with the device ID a registration code, and (iii) communicating the registration code to the device of the authorized user over the ancillary communications network; (f) by the authorized user, (i) decrypting within the device the encrypted registration code using the second key of the first asymmetric key pair of the authorized user, and (ii) communicating over a communications network the registration code to an access authority in association with a user ID identifying the authorized user to the access authority; and (g) comparing the registration code received with the user ID with the registration code encrypted and sent to the authorized user.
113. The method of claim 112, wherein the PIN is not stored within the device following its encryption and communication to the authentication authority and wherein the second key of the key pair of the device is not exported from the device.
114. The system of claim 112, wherein the first asymmetric key pair of the authorized user in combination with the device ID is further unique to the domain ID.
115. The system of claim 112, further comprising the step of communicating by the access authority the user ID and the registration code to the authentication authority.
116. The system of claim 112, wherein said step of comparing the registration code received with the user ID with the registration code encrypted and sent to the user is performed by the authentication authority.
117. The system of claim 112, further comprising the step of communicating over the communications network the device ID with the registration code to the access authority.
118. The system of claim 117, further comprising the step of communicating the device ID with the registration code and user ID to the authentication authority.
119. The system of claim 93, further comprising maintaining the user ID in association with the device ID such that a passcode maintained in association with the device ID is retrievable based on the user ID.
120. A method of granting access to a suspect user seeking to access a network resource, comprising the steps of: (a) first, (i) maintaining credentials of the authorized user such that the credentials are retrievable based on the user ID, (ii) receiving a user ID, registration code, and suspect credentials, (iii) comparing the suspect credentials with the credentials maintained in association with the user ID, and (iv) upon a successful authentication of the user ID by matching the suspect credentials with the maintained credentials, communicating the user ID and registration code to an authentication authority; and (b) thereafter, granting access to the network resource to a suspect user upon, (i) receiving a user ID and passcode from the suspect user, (ii) communicating the user ID and passcode to the authentication authority, and (iii) receiving an indication of a successful passcode comparison by the authentication authority.
121. The method of claim 120, further comprising the steps of, (a) additionally receiving suspect credentials with the user ID and passcode, (b) comparing the suspect credentials with the credentials maintained in association with the user ID, and (c) communicating the user ID to the authentication authority only upon a successful match of the suspect credentials with the maintained credentials.
122. Computer-readable medium having computer-executable instructions for performing the method of claim 120.
123. A computer system including the computer-readable medium of claim 122.
124. A method of upgrading a single-factor authentication system to a multi-factor authentication system wherein a suspect user seeks access to a network resource, the single-factor authentication system including the binding of a user ID with credentials of an authorized user, the method comprising the steps of: (a) initially, (i) binding a device ID of a device with a PIN, (ii) binding the device ID with a private key of the device, and (iii) binding the device ID with the user ID, including authenticating the user ID with the credentials; and (b) thereafter, (i) authenticating the device ID including, as part thereof, communicating from the device the device ID and the PIN over an ancillary communications network, (ii) authenticating the device including, as part thereof, communicating to the device a passcode encrypted with the public key corresponding to the device private key and decrypting the passcode using the device private key, and (iii) communicating the unencrypted passcode over a communications network with the user ID.
125. The method of claim 124, wherein the device ID is communicated over the ancillary communications network to an authentication authority and the unencrypted passcode is communicated over the communications network to an access authority.
126. The method of claim 125, wherein the unencrypted passcode is subsequently communicated to the authentication authority for comparison with the passcode sent encrypted to the device.
127. The method of claim 124, wherein the passcode must be received over the communications network within a predetermined amount of time after being communicated encrypted to the device in order to gain access to the network resource.
128. The method of claim 127, wherein the predetermined period of time is less than ninety seconds.
129. The method of claim 127, wherein the predetermined period of time is less than an hour.
130. The method of claim 124, wherein the communications network is the Internet.
131. The method of claim 124, wherein the communications network is an intranet.
132. The method of claim 124, wherein the communications network is an untrusted network.
133. The method of claim 124, wherein communications over the communications network are encrypted.
134. The method of claim 124, wherein the ancillary communications network is a telecommunications network.
135. The method of claim 124, wherein the ancillary communications network is a trusted network.
136. The method of claim 124, wherein the device is a personal communications device.
137. The method of claim 136, wherein the personal communications device comprises a PDA.
138. The method of claim 136, wherein the personal communications device comprises a wireless device.
139. The method of claim 136, wherein the personal communications device comprises a GPS device.
140. The method of claim 136, wherein the personal communications device comprises a JAVA-enabled device.
141. The method of claim 136, wherein the personal communications device comprises a mobile phone.
142. The method of claim 136, wherein the personal communications device comprises a two-way pager device.